Dec 15, 2019, 12:12 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.fundacionpap.cl ISP HOSTING.
4Continent South America Flag
5CL
6Country Chile Country Code CL
7Region Santiago Metropolitan Local time 14 Dec 2019 19:19 -03
8City Santiago Postal Code Unknown
9IP Address 201.148.104.123 Latitude -33.451
10 Longitude -70.665
11=======================================================================================================================================
12#######################################################################################################################################
13> www.fundacionpap.cl
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18www.fundacionpap.cl canonical name = fundacionpap.cl.
19Name: fundacionpap.cl
20Address: 201.148.104.123
21>
22#######################################################################################################################################
23Domain name: fundacionpap.cl
24Registrant name: FUNDACIÓN PRESIDENTE PINOCHET
25Registrant organisation:
26Registrar name: NIC Chile
27Registrar URL: https://www.nic.cl
28Creation date: 2014-03-14 12:04:01 CLST
29Expiration date: 2020-03-14 12:04:01 CLST
30Name server: dns1.planetahosting.cl
31Name server: dns2.planetahosting.cl
32Name server: dns3.planetahosting.cl
33Name server: dns4.planetahosting.cl
34#######################################################################################################################################
35[+] Target : www.fundacionpap.cl
36
37[+] IP Address : 201.148.104.123
38
39[+] Headers :
40
41[+] Date : Sat, 14 Dec 2019 22:24:11 GMT
42[+] Server : Apache
43[+] Last-Modified : Thu, 08 Aug 2019 17:39:04 GMT
44[+] Accept-Ranges : bytes
45[+] Content-Length : 35813
46[+] Keep-Alive : timeout=5, max=100
47[+] Connection : Keep-Alive
48[+] Content-Type : text/html
49
50[+] SSL Certificate Information :
51
52[+] commonName : julgab104123.dedicados.cl
53[+] emailAddress : ssl@julgab104123.dedicados.cl
54[+] commonName : julgab104123.dedicados.cl
55[+] emailAddress : ssl@julgab104123.dedicados.cl
56[+] Version : 3
57[+] Serial Number : 3AB4D257
58[+] Not Before : Jun 29 22:30:45 2018 GMT
59[+] Not After : Jun 29 22:30:45 2019 GMT
60
61[+] Whois Lookup :
62
63[+] NIR : None
64[+] ASN Registry : lacnic
65[+] ASN : 265839
66[+] ASN CIDR : 201.148.104.0/24
67[+] ASN Country Code : CL
68[+] ASN Date : 2014-07-10
69[+] ASN Description : HOSTING., CL
70[+] cidr : 201.148.104.0/22
71[+] name : None
72[+] handle : ALA126
73[+] range : 201.148.104/22
74[+] description : HOSTING.CL
75[+] country : CL
76[+] state : None
77[+] city : None
78[+] address : None
79[+] postal_code : None
80[+] emails : ['alcadio@HOSTING.CL', 'lacnic@HOSTING.CL']
81[+] created : 20140710
82[+] updated : 20180426
83
84[+] Crawling Target...
85
86[+] Looking for robots.txt........[ Not Found ]
87[+] Looking for sitemap.xml.......[ Found ]
88[+] Extracting sitemap Links......[ 591 ]
89[+] Extracting CSS Links..........[ 3 ]
90[+] Extracting Javascript Links...[ 1 ]
91[+] Extracting Internal Links.....[ 0 ]
92[+] Extracting External Links.....[ 4 ]
93[+] Extracting Images.............[ 29 ]
94
95[+] Total Links Extracted : 628
96
97[+] Dumping Links in /opt/FinalRecon/dumps/www.fundacionpap.cl.dump
98[+] Completed!
99######################################################################################################################################
100[i] Scanning Site: http://www.fundacionpap.cl
101
102
103
104B A S I C I N F O
105====================
106
107
108[+] Site Title: Fundación Presidente PinochetInicio
109[+] IP address: 201.148.104.123
110[+] Web Server: Apache
111[+] CMS: Could Not Detect
112[+] Cloudflare: Not Detected
113[+] Robots File: Could NOT Find robots.txt!
114
115
116
117
118W H O I S L O O K U P
119========================
120
121 %%
122%% This is the NIC Chile Whois server (whois.nic.cl).
123%%
124%% Rights restricted by copyright.
125%% See https://www.nic.cl/normativa/politica-publicacion-de-datos-cl.pdf
126%%
127
128Domain name: fundacionpap.cl
129Registrant name: FUNDACIÓN PRESIDENTE PINOCHET
130Registrant organisation:
131Registrar name: NIC Chile
132Registrar URL: https://www.nic.cl
133Creation date: 2014-03-14 12:04:01 CLST
134Expiration date: 2020-03-14 12:04:01 CLST
135Name server: dns1.planetahosting.cl
136Name server: dns2.planetahosting.cl
137Name server: dns3.planetahosting.cl
138Name server: dns4.planetahosting.cl
139
140%%
141%% For communication with domain contacts please use website.
142%% See https://www.nic.cl/registry/Whois.do?d=fundacionpap.cl
143%%
144
145
146
147
148G E O I P L O O K U P
149=========================
150
151[i] IP Address: 201.148.104.123
152[i] Country: Chile
153[i] State:
154[i] City:
155[i] Latitude: -33.4378
156[i] Longitude: -70.6503
157
158
159
160
161H T T P H E A D E R S
162=======================
163
164
165[i] HTTP/1.1 200 OK
166[i] Date: Sat, 14 Dec 2019 22:24:29 GMT
167[i] Server: Apache
168[i] Last-Modified: Thu, 08 Aug 2019 17:39:04 GMT
169[i] Accept-Ranges: bytes
170[i] Content-Length: 35813
171[i] Connection: close
172[i] Content-Type: text/html
173
174
175
176
177D N S L O O K U P
178===================
179
180fundacionpap.cl. 14399 IN MX 0 fundacionpap.cl.
181fundacionpap.cl. 21599 IN SOA dns1.planetahosting.cl. postmaster.dedicados.cl. 2019081300 3600 7200 1209600 86400
182fundacionpap.cl. 21599 IN NS dns2.planetahosting.cl.
183fundacionpap.cl. 21599 IN NS dns1.planetahosting.cl.
184fundacionpap.cl. 21599 IN NS dns3.planetahosting.cl.
185fundacionpap.cl. 21599 IN NS dns4.planetahosting.cl.
186fundacionpap.cl. 14399 IN A 201.148.104.123
187
188
189
190
191S U B N E T C A L C U L A T I O N
192====================================
193
194Address = 201.148.104.123
195Network = 201.148.104.123 / 32
196Netmask = 255.255.255.255
197Broadcast = not needed on Point-to-Point links
198Wildcard Mask = 0.0.0.0
199Hosts Bits = 0
200Max. Hosts = 1 (2^0 - 0)
201Host Range = { 201.148.104.123 - 201.148.104.123 }
202
203
204
205N M A P P O R T S C A N
206============================
207
208Starting Nmap 7.70 ( https://nmap.org ) at 2019-12-14 22:24 UTC
209Nmap scan report for fundacionpap.cl (201.148.104.123)
210Host is up (0.15s latency).
211rDNS record for 201.148.104.123: phis104123.dedicados.cl
212
213PORT STATE SERVICE
21421/tcp open ftp
21522/tcp closed ssh
21623/tcp filtered telnet
21780/tcp open http
218110/tcp open pop3
219143/tcp open imap
220443/tcp open https
2213389/tcp filtered ms-wbt-server
222
223Nmap done: 1 IP address (1 host up) scanned in 3.98 seconds
224
225#######################################################################################################################################
226[INFO] ------TARGET info------
227[*] TARGET: http://www.fundacionpap.cl/
228[*] TARGET IP: 201.148.104.123
229[INFO] NO load balancer detected for www.fundacionpap.cl...
230[*] DNS servers: fundacionpap.cl.
231[*] TARGET server: Apache
232[*] CC: CL
233[*] Country: Chile
234[*] RegionCode: RM
235[*] RegionName: Santiago Metropolitan
236[*] City: Santiago
237[*] ASN: AS265839
238[*] BGP_PREFIX: 201.148.104.0/24
239[*] ISP: HOSTING., CL
240[INFO] DNS enumeration:
241[*] ftp.fundacionpap.cl 201.148.104.123
242[*] mail.fundacionpap.cl fundacionpap.cl. 201.148.104.123
243[INFO] Possible abuse mails are:
244[*] abuse@fundacionpap.cl
245[*] abuse@www.fundacionpap.cl
246[*] lacnic@hosting.cl
247[INFO] NO PAC (Proxy Auto Configuration) file FOUND
248[INFO] Starting FUZZing in http://www.fundacionpap.cl/FUzZzZzZzZz...
249[INFO] Status code Folders
250[ALERT] Look in the source code. It may contain passwords
251[INFO] Links found from http://www.fundacionpap.cl/ http://201.148.104.123/:
252[*] http://201.148.104.123/cgi-sys/defaultwebpage.cgi
253[*] http://get.adobe.com/es/reader/
254[*] https://www.facebook.com/pages/Fundaci%C3%B3n-Presidente-Pinochet/467484440095558
255[*] https://www.facebook.com/profile.php?id=100010221543651
256[*] http://www.fundacionpap.cl/assets/art%c3%adculos-fundaci%c3%b3n.pdf
257[*] http://www.fundacionpap.cl/assets/formulario-postulación.pdf
258[*] http://www.fundacionpap.cl/assets/formulario-renovación.pdf
259[*] http://www.fundacionpap.cl/assets/pilas.pdf
260[*] http://www.fundacionpap.cl/assets/reglamento2016.pdf
261[*] http://www.fundacionpap.cl/biblioteca.html
262[*] http://www.fundacionpap.cl/centenario.html
263[*] http://www.fundacionpap.cl/contacto.html
264[*] http://www.fundacionpap.cl/educacional.html
265[*] http://www.fundacionpap.cl/fundacion.html
266[*] http://www.fundacionpap.cl/index.html
267[*] http://www.fundacionpap.cl/museo.html
268[*] http://www.fundacionpap.cl/noticias-2018.html
269[*] http://www.fundacionpap.cl/presidente-pinochet.html
270[*] http://www.fundacionpap.cl/tienda.html
271[*] http://www.fundacionpap.cl/youtube.html
272[*] http://www.hersis.cl/
273cut: intervalle de champ incorrecte
274Saisissez « cut --help » pour plus d'informations.
275[INFO] BING shows 201.148.104.123 is shared with 23,600 hosts/vhosts
276[INFO] Shodan detected the following opened ports on 201.148.104.123:
277[*] 2
278[*] 2095
279[*] 3
280[*] 443
281[*] 6
282[*] 80
283[*] 8889
284[INFO] ------VirusTotal SECTION------
285[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
286[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
287[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
288[INFO] ------Alexa Rank SECTION------
289[INFO] Percent of Visitors Rank in Country:
290[INFO] Percent of Search Traffic:
291[INFO] Percent of Unique Visits:
292[INFO] Total Sites Linking In:
293[*] Total Sites
294[INFO] Useful links related to www.fundacionpap.cl - 201.148.104.123:
295[*] https://www.virustotal.com/pt/ip-address/201.148.104.123/information/
296[*] https://www.hybrid-analysis.com/search?host=201.148.104.123
297[*] https://www.shodan.io/host/201.148.104.123
298[*] https://www.senderbase.org/lookup/?search_string=201.148.104.123
299[*] https://www.alienvault.com/open-threat-exchange/ip/201.148.104.123
300[*] http://pastebin.com/search?q=201.148.104.123
301[*] http://urlquery.net/search.php?q=201.148.104.123
302[*] http://www.alexa.com/siteinfo/www.fundacionpap.cl
303[*] http://www.google.com/safebrowsing/diagnostic?site=www.fundacionpap.cl
304[*] https://censys.io/ipv4/201.148.104.123
305[*] https://www.abuseipdb.com/check/201.148.104.123
306[*] https://urlscan.io/search/#201.148.104.123
307[*] https://github.com/search?q=201.148.104.123&type=Code
308[INFO] Useful links related to AS265839 - 201.148.104.0/24:
309[*] http://www.google.com/safebrowsing/diagnostic?site=AS:265839
310[*] https://www.senderbase.org/lookup/?search_string=201.148.104.0/24
311[*] http://bgp.he.net/AS265839
312[*] https://stat.ripe.net/AS265839
313[INFO] Date: 14/12/19 | Time: 17:26:31
314[INFO] Total time: 1 minute(s) and 43 second(s)
315#######################################################################################################################################
316[+] Starting At 2019-12-14 17:24:44.316406
317[+] Collecting Information On: http://www.fundacionpap.cl/
318[#] Status: 200
319--------------------------------------------------
320[#] Web Server Detected: Apache
321[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
322- Date: Sat, 14 Dec 2019 22:24:43 GMT
323- Server: Apache
324- Last-Modified: Thu, 08 Aug 2019 17:39:04 GMT
325- Accept-Ranges: bytes
326- Content-Length: 35813
327- Keep-Alive: timeout=5, max=100
328- Connection: Keep-Alive
329- Content-Type: text/html
330--------------------------------------------------
331[#] Finding Location..!
332[#] status: success
333[#] country: Chile
334[#] countryCode: CL
335[#] region: RM
336[#] regionName: Santiago Metropolitan
337[#] city: Santiago
338[#] zip: 34033
339[#] lat: -33.4513
340[#] lon: -70.6653
341[#] timezone: America/Santiago
342[#] isp: HOSTING.CL
343[#] org: HOSTING.CL
344[#] as: AS265839 HOSTING.CL
345[#] query: 201.148.104.123
346--------------------------------------------------
347[x] Didn't Detect WAF Presence on: http://www.fundacionpap.cl/
348--------------------------------------------------
349[#] Starting Reverse DNS
350[-] Failed ! Fail
351--------------------------------------------------
352[!] Scanning Open Port
353[#] 21/tcp open ftp
354[#] 26/tcp open rsftp
355[#] 80/tcp open http
356[#] 110/tcp open pop3
357[#] 143/tcp open imap
358[#] 443/tcp open https
359[#] 465/tcp open smtps
360[#] 587/tcp open submission
361[#] 993/tcp open imaps
362[#] 995/tcp open pop3s
363[#] 3306/tcp open mysql
364[#] 8888/tcp open sun-answerbook
365--------------------------------------------------
366[+] Collecting Information Disclosure!
367[#] Detecting sitemap.xml file
368[!] sitemap.xml File Found: http://www.fundacionpap.cl//sitemap.xml
369[#] Detecting robots.txt file
370[-] robots.txt file not Found!?
371[#] Detecting GNU Mailman
372[!] GNU Mailman App Detected: http://www.fundacionpap.cl//mailman/admin
373[!] version: 2.1.29
374--------------------------------------------------
375[+] Crawling Url Parameter On: http://www.fundacionpap.cl/
376--------------------------------------------------
377[#] Searching Html Form !
378[-] No Html Form Found!?
379--------------------------------------------------
380[-] No DOM Paramter Found!?
381--------------------------------------------------
382[!] 3 Internal Dynamic Parameter Discovered
383[+] http://www.fundacionpap.cl//css/site_global.css?crc=443350757
384[+] http://www.fundacionpap.cl//css/master_a-p_g_-maestra.css?crc=485961401
385[+] http://www.fundacionpap.cl//css/index.css?crc=3875414903
386--------------------------------------------------
387[!] 1 External Dynamic Parameter Discovered
388[#] https://www.facebook.com/profile.php?id=100010221543651
389--------------------------------------------------
390[!] 28 Internal links Discovered
391[+] http://www.fundacionpap.cl/index.html
392[+] http://www.fundacionpap.cl//tienda.html
393[+] http://www.fundacionpap.cl//centenario.html
394[+] http://www.fundacionpap.cl//assets/art%c3%adculos-fundaci%c3%b3n.pdf
395[+] http://www.fundacionpap.cl//index.html
396[+] http://www.fundacionpap.cl//index.html
397[+] http://www.fundacionpap.cl//index.html
398[+] http://www.fundacionpap.cl//presidente-pinochet.html
399[+] http://www.fundacionpap.cl//presidente-pinochet.html
400[+] http://www.fundacionpap.cl//fundacion.html
401[+] http://www.fundacionpap.cl//educacional.html
402[+] http://www.fundacionpap.cl//youtube.html
403[+] http://www.fundacionpap.cl//youtube.html
404[+] http://www.fundacionpap.cl//contacto.html
405[+] http://www.fundacionpap.cl//contacto.html
406[+] http://www.fundacionpap.cl//contacto.html
407[+] http://www.fundacionpap.cl//noticias-2018.html
408[+] http://www.fundacionpap.cl//mailto:gerencia@fundacionpap.cl
409[+] http://www.fundacionpap.cl//mailto:becados@fundacionpap.cl
410[+] http://www.fundacionpap.cl//mailto:becados@fundacionpap.cl
411[+] http://www.fundacionpap.cl//assets/formulario-postulaci%c3%b3n.pdf
412[+] http://www.fundacionpap.cl//assets/reglamento2016.pdf
413[+] http://www.fundacionpap.cl//assets/formulario-postulaci%c3%b3n.pdf
414[+] http://www.fundacionpap.cl//assets/formulario-renovaci%c3%b3n.pdf
415[+] http://www.fundacionpap.cl//museo.html
416[+] http://www.fundacionpap.cl//biblioteca.html
417[+] http://www.fundacionpap.cl//noticias-2018.html
418[+] http://www.fundacionpap.cl//assets/pilas.pdf
419--------------------------------------------------
420[!] 6 External links Discovered
421[#] https://www.facebook.com/pages/Fundaci%C3%B3n-Presidente-Pinochet/467484440095558
422[#] http://get.adobe.com/es/reader/
423[#] http://get.adobe.com/es/reader/
424[#] http://get.adobe.com/es/reader/
425[#] http://get.adobe.com/es/reader/
426[#] http://www.hersis.cl/
427--------------------------------------------------
428[#] Mapping Subdomain..
429[!] Found 1 Subdomain
430- fundacionpap.cl
431--------------------------------------------------
432[!] Done At 2019-12-14 17:25:26.293466
433#######################################################################################################################################
434Trying "fundacionpap.cl"
435;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32242
436;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 4
437
438;; QUESTION SECTION:
439;fundacionpap.cl. IN ANY
440
441;; ANSWER SECTION:
442fundacionpap.cl. 0 IN A 201.148.104.123
443fundacionpap.cl. 0 IN SOA dns1.planetahosting.cl. postmaster.dedicados.cl. 2019081300 3600 7200 1209600 86400
444fundacionpap.cl. 0 IN MX 0 fundacionpap.cl.
445fundacionpap.cl. 0 IN NS dns1.planetahosting.cl.
446fundacionpap.cl. 0 IN NS dns2.planetahosting.cl.
447fundacionpap.cl. 0 IN NS dns3.planetahosting.cl.
448fundacionpap.cl. 0 IN NS dns4.planetahosting.cl.
449
450;; AUTHORITY SECTION:
451fundacionpap.cl. 3600 IN NS dns3.planetahosting.cl.
452fundacionpap.cl. 3600 IN NS dns4.planetahosting.cl.
453fundacionpap.cl. 3600 IN NS dns2.planetahosting.cl.
454fundacionpap.cl. 3600 IN NS dns1.planetahosting.cl.
455
456;; ADDITIONAL SECTION:
457dns1.planetahosting.cl. 3600 IN A 190.96.85.41
458dns4.planetahosting.cl. 3600 IN A 201.148.104.74
459dns3.planetahosting.cl. 3600 IN A 201.148.104.118
460dns2.planetahosting.cl. 3600 IN A 190.96.85.40
461
462Received 333 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 186 ms
463#######################################################################################################################################
464; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace fundacionpap.cl any
465;; global options: +cmd
466. 86155 IN NS j.root-servers.net.
467. 86155 IN NS a.root-servers.net.
468. 86155 IN NS k.root-servers.net.
469. 86155 IN NS h.root-servers.net.
470. 86155 IN NS m.root-servers.net.
471. 86155 IN NS i.root-servers.net.
472. 86155 IN NS l.root-servers.net.
473. 86155 IN NS e.root-servers.net.
474. 86155 IN NS g.root-servers.net.
475. 86155 IN NS b.root-servers.net.
476. 86155 IN NS f.root-servers.net.
477. 86155 IN NS d.root-servers.net.
478. 86155 IN NS c.root-servers.net.
479. 86155 IN RRSIG NS 8 0 518400 20191227170000 20191214160000 22545 . mEgrdtZ4jE5PD7+9AG06H+JBjgKw08o2LHkXSp7hGC86n89MkhE8d+sa AH7woK86RcD7aqFPZ6qFB+3bBHQq2GVXkMZPRl+JeqMXhhUjnglniEd8 OYv9nBR0/gxRDkInfrMyUHIEkBXnfVxRBa7fj0g/ON7lJD+d632HKHPK 6SfSo69uxqT0+6Q2IwMV+ei9LIuBWQZ3kpdHx0/5lAQOTnpm7wyzdHat 9egKHwgmTS3FXK7uGC8oqcMFUXJsC8srfPnLtwHOBSkIKiajyYJyMNGM mPrg5hFad2hLl7yrUjC04R3Dsaygv2Tmds8SggYUEBt2VWnj7WQc9eKg 3iqa9w==
480;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 182 ms
481
482cl. 172800 IN NS a.nic.cl.
483cl. 172800 IN NS b.nic.cl.
484cl. 172800 IN NS c.nic.cl.
485cl. 172800 IN NS cl1.dnsnode.net.
486cl. 172800 IN NS cl-ns.anycast.pch.net.
487cl. 172800 IN NS cl1-tld.d-zone.ca.
488cl. 172800 IN NS cl2-tld.d-zone.ca.
489cl. 86400 IN DS 21199 8 2 7D756DFFAB6D3CD9C786FF5C659954C22944FAEF9433EEE26F1D84EB 5370B394
490cl. 86400 IN RRSIG DS 8 1 86400 20191227170000 20191214160000 22545 . PuSJ5SFGNCpORCAdq9gsqjk4lpxNqHRRSPtoWYOgBeLcu2hCdLBB/ibl 6Meb3I5G24TWt+dXRFqqHq7JVb6R1CFP/GqU8sFKKW81otI5b2TptaT/ F6ne4XV59mX13jSP5DXA0qfjghmhP56YeGTrdt13ptTPs0p+hPEVla5m nGhOm8VcW0+TnWwmeXHmF9rrClFPlanTaE8WyNf6SevQ2qpYEmY6QpOG 3ygP/vcEFn4qBUA5DiNisKFvVKsrV26HHIL60dEHqzXfygPAcvM9f/m7 aInhUfNnISZAtlmjtVmglbRM81Fw6RER8rZPWXT20z2COPlo9O9btcOl Jvo8Kg==
491;; Received 825 bytes from 2001:500:2d::d#53(d.root-servers.net) in 30 ms
492
493fundacionpap.cl. 3600 IN NS dns1.planetahosting.cl.
494fundacionpap.cl. 3600 IN NS dns2.planetahosting.cl.
495fundacionpap.cl. 3600 IN NS dns3.planetahosting.cl.
496fundacionpap.cl. 3600 IN NS dns4.planetahosting.cl.
49761ctjm3nffqgibf2hmrml35evf6va99v.cl. 900 IN NSEC3 1 1 2 89874CE66FD71B59072D24A039849785 64OEENF4244K12GFLUO0K11LODRSU71R NS SOA TXT RRSIG DNSKEY NSEC3PARAM
49861ctjm3nffqgibf2hmrml35evf6va99v.cl. 900 IN RRSIG NSEC3 8 2 900 20200125203413 20191214210024 12363 cl. UHqJQPN8766+BQKDEUMNZobTaw3BtlzpFiJaMsYvZcBeVevh92QnHUwX ZeE0XGp98kaK+/bt1hnVlAQXyiYxij3g3e3nGMOpkleX0EPS0E5W2eG/ O7ea9MGIhoeEiKg4kPqZtvivznGAROpnN1PRTb6FlHrMQ/+zi3lKCWnS oBE=
4996df8bfc1ibpgngjju0lgus9ieh1cjght.cl. 900 IN NSEC3 1 1 2 89874CE66FD71B59072D24A039849785 6OI0H30MSH5VHR0EI4E94H8SJNQB2Q89 NS DS RRSIG
5006df8bfc1ibpgngjju0lgus9ieh1cjght.cl. 900 IN RRSIG NSEC3 8 2 900 20200125224734 20191214210024 12363 cl. JK1/H66tSXK35sFEZvyiRuj3oF5MAaZtP1+MvbYg7QXSZhuMffSAuv4q fqb+iT5uI0Aj52lvugeXMftlSVjdQYObqD4m5jEtfbmka4BqBcdZSEPO W32cCuE4Hvc563sO1kL3A60+PlGUkui/OaRoD3P+A7XxLpgssZPfbuHq HCM=
501;; Received 714 bytes from 200.7.4.7#53(b.nic.cl) in 179 ms
502
503fundacionpap.cl. 14400 IN MX 0 fundacionpap.cl.
504fundacionpap.cl. 86400 IN SOA dns1.planetahosting.cl. postmaster.dedicados.cl. 2019081300 3600 7200 1209600 86400
505fundacionpap.cl. 86400 IN NS dns1.planetahosting.cl.
506fundacionpap.cl. 86400 IN NS dns4.planetahosting.cl.
507fundacionpap.cl. 86400 IN NS dns2.planetahosting.cl.
508fundacionpap.cl. 86400 IN NS dns3.planetahosting.cl.
509fundacionpap.cl. 14400 IN A 201.148.104.123
510;; Received 304 bytes from 201.148.104.118#53(dns3.planetahosting.cl) in 420 ms
511#######################################################################################################################################
512[*] Performing General Enumeration of Domain: fundacionpap.cl
513[-] DNSSEC is not configured for fundacionpap.cl
514[*] SOA dns1.planetahosting.cl 190.96.85.41
515[*] NS dns1.planetahosting.cl 190.96.85.41
516[*] Bind Version for 190.96.85.41 9.11.4-P2-RedHat-9.11.4-9.P2.el7
517[*] NS dns2.planetahosting.cl 190.96.85.40
518[*] Bind Version for 190.96.85.40 9.11.4-P2-RedHat-9.11.4-9.P2.el7
519[*] NS dns3.planetahosting.cl 201.148.104.118
520[*] Bind Version for 201.148.104.118 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
521[*] NS dns4.planetahosting.cl 201.148.104.74
522[*] Bind Version for 201.148.104.74 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
523[*] MX fundacionpap.cl 201.148.104.123
524[*] A fundacionpap.cl 201.148.104.123
525[*] Enumerating SRV Records
526[-] No SRV Records Found for fundacionpap.cl
527[+] 0 Records Found
528#######################################################################################################################################
529[*] Processing domain fundacionpap.cl
530[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
531[+] Getting nameservers
532190.96.85.41 - dns1.planetahosting.cl
533190.96.85.40 - dns2.planetahosting.cl
534201.148.104.118 - dns3.planetahosting.cl
535201.148.104.74 - dns4.planetahosting.cl
536[-] Zone transfer failed
537
538[+] MX records found, added to target list
5390 fundacionpap.cl.
540
541[*] Scanning fundacionpap.cl for A records
542201.148.104.123 - fundacionpap.cl
543201.148.104.123 - ftp.fundacionpap.cl
544127.0.0.1 - localhost.fundacionpap.cl
545201.148.104.123 - mail.fundacionpap.cl
546201.148.104.123 - www.fundacionpap.cl
547#######################################################################################################################################
548 AVAILABLE PLUGINS
549 -----------------
550
551 CertificateInfoPlugin
552 SessionRenegotiationPlugin
553 SessionResumptionPlugin
554 CompressionPlugin
555 HeartbleedPlugin
556 EarlyDataPlugin
557 OpenSslCipherSuitesPlugin
558 RobotPlugin
559 HttpHeadersPlugin
560 OpenSslCcsInjectionPlugin
561 FallbackScsvPlugin
562
563
564
565 CHECKING HOST(S) AVAILABILITY
566 -----------------------------
567
568 201.148.104.123:443 => 201.148.104.123
569
570
571
572
573 SCAN RESULTS FOR 201.148.104.123:443 - 201.148.104.123
574 ------------------------------------------------------
575
576 * Downgrade Attacks:
577 TLS_FALLBACK_SCSV: OK - Supported
578
579 * SSLV2 Cipher Suites:
580 Server rejected all cipher suites.
581
582 * OpenSSL CCS Injection:
583 OK - Not vulnerable to OpenSSL CCS injection
584
585 * ROBOT Attack:
586 OK - Not vulnerable, RSA cipher suites not supported
587
588 * TLSV1_3 Cipher Suites:
589 Server rejected all cipher suites.
590
591 * Session Renegotiation:
592 Client-initiated Renegotiation: OK - Rejected
593 Secure Renegotiation: OK - Supported
594
595 * Deflate Compression:
596 OK - Compression disabled
597
598 * TLS 1.2 Session Resumption Support:
599 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
600 With TLS Tickets: OK - Supported
601
602 * OpenSSL Heartbleed:
603 OK - Not vulnerable to Heartbleed
604
605 * TLSV1_1 Cipher Suites:
606 Server rejected all cipher suites.
607
608 * Certificate Information:
609 Content
610 SHA1 Fingerprint: 572df623ed0b7a4719567be9d946984c9d34971c
611 Common Name: julgab104123.dedicados.cl
612 Issuer: julgab104123.dedicados.cl
613 Serial Number: 984928855
614 Not Before: 2018-06-29 22:30:45
615 Not After: 2019-06-29 22:30:45
616 Signature Algorithm: sha256
617 Public Key Algorithm: RSA
618 Key Size: 2048
619 Exponent: 65537 (0x10001)
620 DNS Subject Alternative Names: []
621
622 Trust
623 Hostname Validation: FAILED - Certificate does NOT match 201.148.104.123
624 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
625 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
626 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
627 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
628 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
629 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
630 Received Chain: julgab104123.dedicados.cl
631 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
632 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
633 Received Chain Order: OK - Order is valid
634 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
635
636 Extensions
637 OCSP Must-Staple: NOT SUPPORTED - Extension not found
638 Certificate Transparency: NOT SUPPORTED - Extension not found
639
640 OCSP Stapling
641 NOT SUPPORTED - Server did not send back an OCSP response
642
643 * TLSV1 Cipher Suites:
644 Server rejected all cipher suites.
645
646 * TLSV1_2 Cipher Suites:
647 Forward Secrecy OK - Supported
648 RC4 OK - Not Supported
649
650 Preferred:
651 None - Server followed client cipher suite preference.
652 Accepted:
653 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
654 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
655 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
656 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
657
658 * SSLV3 Cipher Suites:
659 Server rejected all cipher suites.
660
661
662 SCAN COMPLETED IN 29.36 S
663 -------------------------
664#######################################################################################################################################
665Domains still to check: 1
666 Checking if the hostname fundacionpap.cl. given is in fact a domain...
667
668Analyzing domain: fundacionpap.cl.
669 Checking NameServers using system default resolver...
670 IP: 190.96.85.41 (Chile)
671 HostName: dns1.planetahosting.cl Type: NS
672 HostName: hades41.planetahosting.cl Type: PTR
673 IP: 190.96.85.40 (Chile)
674 HostName: dns2.planetahosting.cl Type: NS
675 HostName: zeus40.planetahosting.cl Type: PTR
676 IP: 201.148.104.118 (Chile)
677 HostName: dns3.planetahosting.cl Type: NS
678 HostName: wordplanet118.planetahosting.cl Type: PTR
679 IP: 201.148.104.74 (Chile)
680 HostName: dns4.planetahosting.cl Type: NS
681
682 Checking MailServers using system default resolver...
683 IP: 201.148.104.123 (Chile)
684 HostName: fundacionpap.cl Type: MX
685 HostName: phis104123.dedicados.cl Type: PTR
686
687 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
688 No zone transfer found on nameserver 201.148.104.74
689 No zone transfer found on nameserver 201.148.104.118
690 No zone transfer found on nameserver 190.96.85.40
691 No zone transfer found on nameserver 190.96.85.41
692
693 Checking SPF record...
694 No SPF record
695
696 Checking 192 most common hostnames using system default resolver...
697 IP: 201.148.104.123 (Chile)
698 HostName: fundacionpap.cl Type: MX
699 HostName: phis104123.dedicados.cl Type: PTR
700 HostName: www.fundacionpap.cl. Type: A
701 IP: 201.148.104.123 (Chile)
702 HostName: fundacionpap.cl Type: MX
703 HostName: phis104123.dedicados.cl Type: PTR
704 HostName: www.fundacionpap.cl. Type: A
705 HostName: ftp.fundacionpap.cl. Type: A
706 IP: 201.148.104.123 (Chile)
707 HostName: fundacionpap.cl Type: MX
708 HostName: phis104123.dedicados.cl Type: PTR
709 HostName: www.fundacionpap.cl. Type: A
710 HostName: ftp.fundacionpap.cl. Type: A
711 HostName: mail.fundacionpap.cl. Type: A
712
713 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
714 Checking netblock 201.148.104.0
715 Checking netblock 190.96.85.0
716
717 Searching for fundacionpap.cl. emails in Google
718 gerencia@fundacionpap.cl
719 becados@fundacionpap.cl
720 becados@fundacionpap.cl.
721
722 Checking 5 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
723 Host 201.148.104.74 is up (reset ttl 64)
724 Host 201.148.104.123 is up (reset ttl 64)
725 Host 201.148.104.118 is up (reset ttl 64)
726 Host 190.96.85.40 is up (reset ttl 64)
727 Host 190.96.85.41 is up (reset ttl 64)
728
729 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
730 Scanning ip 201.148.104.74 (dns4.planetahosting.cl):
731 21/tcp open ftp syn-ack ttl 42 ProFTPD
732 | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
733 | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
734 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
735 | Public Key type: rsa
736 | Public Key bits: 2048
737 | Signature Algorithm: sha256WithRSAEncryption
738 | Not valid before: 2019-01-28T00:00:00
739 | Not valid after: 2020-01-28T23:59:59
740 | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
741 |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
742 |_ssl-date: 2019-12-14T22:37:56+00:00; 0s from scanner time.
743 | tls-nextprotoneg:
744 |_ ftp
745 26/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
746 | smtp-commands: wordplanet118.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
747 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
748 | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
749 | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
750 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
751 | Public Key type: rsa
752 | Public Key bits: 2048
753 | Signature Algorithm: sha256WithRSAEncryption
754 | Not valid before: 2019-01-28T00:00:00
755 | Not valid after: 2020-01-28T23:59:59
756 | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
757 |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
758 |_ssl-date: 2019-12-14T22:37:56+00:00; -1s from scanner time.
759 53/tcp open domain syn-ack ttl 42 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
760 | dns-nsid:
761 |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
762 80/tcp open http syn-ack ttl 42 Apache httpd
763 | http-methods:
764 |_ Supported Methods: GET POST OPTIONS HEAD
765 | http-robots.txt: 1 disallowed entry
766 |_/
767 |_http-server-header: Apache
768 |_http-title: Site doesn't have a title (text/html).
769 110/tcp open pop3 syn-ack ttl 42 Dovecot pop3d
770 |_pop3-capabilities: RESP-CODES CAPA STLS UIDL USER AUTH-RESP-CODE SASL(PLAIN LOGIN) TOP PIPELINING
771 |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
772 143/tcp open imap syn-ack ttl 42 Dovecot imapd
773 |_imap-capabilities: have Pre-login capabilities post-login LITERAL+ listed STARTTLS ID more IMAP4rev1 AUTH=PLAIN SASL-IR LOGIN-REFERRALS IDLE OK NAMESPACE ENABLE AUTH=LOGINA0001
774 |_ssl-date: 2019-12-14T22:37:57+00:00; -1s from scanner time.
775 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
776 | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
777 | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
778 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
779 | Public Key type: rsa
780 | Public Key bits: 2048
781 | Signature Algorithm: sha256WithRSAEncryption
782 | Not valid before: 2019-01-28T00:00:00
783 | Not valid after: 2020-01-28T23:59:59
784 | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
785 |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
786 465/tcp open ssl/smtp syn-ack ttl 42 Exim smtpd 4.92
787 |_smtp-commands: Couldn't establish connection on port 465
788 | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
789 | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
790 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
791 | Public Key type: rsa
792 | Public Key bits: 2048
793 | Signature Algorithm: sha256WithRSAEncryption
794 | Not valid before: 2019-01-28T00:00:00
795 | Not valid after: 2020-01-28T23:59:59
796 | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
797 |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
798 |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
799 587/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
800 | smtp-commands: wordplanet118.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
801 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
802 | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
803 | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
804 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
805 | Public Key type: rsa
806 | Public Key bits: 2048
807 | Signature Algorithm: sha256WithRSAEncryption
808 | Not valid before: 2019-01-28T00:00:00
809 | Not valid after: 2020-01-28T23:59:59
810 | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
811 |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
812 |_ssl-date: 2019-12-14T22:37:57+00:00; -1s from scanner time.
813 993/tcp open ssl/imaps? syn-ack ttl 42
814 |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
815 995/tcp open ssl/pop3s? syn-ack ttl 42
816 |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
817 3306/tcp open mysql syn-ack ttl 42 MySQL 5.6.45
818 | mysql-info:
819 | Protocol: 10
820 | Version: 5.6.45
821 | Thread ID: 1161604
822 | Capabilities flags: 63487
823 | Some Capabilities: IgnoreSigpipes, ODBCClient, FoundRows, Support41Auth, Speaks41ProtocolOld, SupportsLoadDataLocal, DontAllowDatabaseTableColumn, LongColumnFlag, ConnectWithDatabase, LongPassword, IgnoreSpaceBeforeParenthesis, InteractiveClient, Speaks41ProtocolNew, SupportsCompression, SupportsTransactions, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
824 | Status: Autocommit
825 | Salt: [wg|[4/.8pKgBVh)1XLP
826 |_ Auth Plugin Name: mysql_native_password
827 8888/tcp open sun-answerbook? syn-ack ttl 42
828 | fingerprint-strings:
829 | GetRequest, HTTPOptions:
830 | HTTP/1.1 403 OK
831 | Content-type: text/html
832 | <!-- Bloqueo IP Planeta 23/05/2018 -->
833 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
834 | <html xmlns="http://www.w3.org/1999/xhtml">
835 | <head>
836 | <title>IP Bloqueada</title>
837 | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
838 | <meta name="robots" content="noindex">
839 | <meta name="googlebot" content="noindex" />
840 | <link href="http://fonts.googleapis.com/css?family=Open+Sans:300,600,700" rel="stylesheet" type="text/css"/>
841 | <style type="text/css">
842 | body {background-color: #0e1f28;}
843 | .content{height: auto;width: 980px;margin: auto;}
844 | .columnas, .columnas2, .ip, .pdf-boton, .columnas_tit {font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, "sans-serif"; height: auto; float: left;font-weight:300;}
845 |_ .ip{width: 100%;font-weight: 400;font-size: 20px;line-heig
846 OS Info: Service Info: Host: wordplanet118.planetahosting.cl; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
847 Scanning ip 201.148.104.123 (mail.fundacionpap.cl.):
848 Scanning ip 201.148.104.118 (wordplanet118.planetahosting.cl (PTR)):
849 Scanning ip 190.96.85.40 (zeus40.planetahosting.cl (PTR)):
850 21/tcp open ftp syn-ack ttl 42 Pure-FTPd
851 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
852 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
853 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
854 | Public Key type: rsa
855 | Public Key bits: 2048
856 | Signature Algorithm: sha256WithRSAEncryption
857 | Not valid before: 2019-11-25T00:00:00
858 | Not valid after: 2020-11-24T23:59:59
859 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
860 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
861 |_ssl-date: TLS randomness does not represent time
862 53/tcp open domain syn-ack ttl 42 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
863 | dns-nsid:
864 |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
865 80/tcp open http syn-ack ttl 42 Apache httpd
866 | http-methods:
867 |_ Supported Methods: GET POST OPTIONS HEAD
868 |_http-server-header: Apache
869 |_http-title: Site doesn't have a title (text/html).
870 110/tcp open pop3 syn-ack ttl 42 Dovecot pop3d
871 |_pop3-capabilities: CAPA TOP USER AUTH-RESP-CODE RESP-CODES SASL(PLAIN LOGIN) UIDL STLS PIPELINING
872 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
873 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
874 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
875 | Public Key type: rsa
876 | Public Key bits: 2048
877 | Signature Algorithm: sha256WithRSAEncryption
878 | Not valid before: 2019-11-25T00:00:00
879 | Not valid after: 2020-11-24T23:59:59
880 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
881 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
882 143/tcp open imap syn-ack ttl 42 Dovecot imapd
883 |_imap-capabilities: post-login ENABLE IDLE Pre-login NAMESPACE LOGIN-REFERRALS SASL-IR IMAP4rev1 capabilities AUTH=LOGINA0001 OK STARTTLS more AUTH=PLAIN have ID LITERAL+ listed
884 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
885 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
886 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
887 | Public Key type: rsa
888 | Public Key bits: 2048
889 | Signature Algorithm: sha256WithRSAEncryption
890 | Not valid before: 2019-11-25T00:00:00
891 | Not valid after: 2020-11-24T23:59:59
892 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
893 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
894 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
895 | http-methods:
896 |_ Supported Methods: GET POST OPTIONS HEAD
897 |_http-server-header: Apache
898 |_http-title: Site doesn't have a title (text/html).
899 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
900 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
901 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
902 | Public Key type: rsa
903 | Public Key bits: 2048
904 | Signature Algorithm: sha256WithRSAEncryption
905 | Not valid before: 2019-11-25T00:00:00
906 | Not valid after: 2020-11-24T23:59:59
907 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
908 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
909 465/tcp open ssl/smtp syn-ack ttl 42 Exim smtpd 4.92
910 | smtp-commands: dns1.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
911 |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
912 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
913 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
914 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
915 | Public Key type: rsa
916 | Public Key bits: 2048
917 | Signature Algorithm: sha256WithRSAEncryption
918 | Not valid before: 2019-11-25T00:00:00
919 | Not valid after: 2020-11-24T23:59:59
920 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
921 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
922 587/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
923 | smtp-commands: dns1.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
924 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
925 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
926 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
927 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
928 | Public Key type: rsa
929 | Public Key bits: 2048
930 | Signature Algorithm: sha256WithRSAEncryption
931 | Not valid before: 2019-11-25T00:00:00
932 | Not valid after: 2020-11-24T23:59:59
933 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
934 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
935 993/tcp open imaps? syn-ack ttl 42
936 |_imap-capabilities: post-login ENABLE IDLE Pre-login NAMESPACE LOGIN-REFERRALS SASL-IR IMAP4rev1 capabilities AUTH=LOGINA0001 OK more AUTH=PLAIN LITERAL+ ID have listed
937 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
938 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
939 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
940 | Public Key type: rsa
941 | Public Key bits: 2048
942 | Signature Algorithm: sha256WithRSAEncryption
943 | Not valid before: 2019-11-25T00:00:00
944 | Not valid after: 2020-11-24T23:59:59
945 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
946 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
947 995/tcp open pop3s? syn-ack ttl 42
948 |_pop3-capabilities: UIDL USER AUTH-RESP-CODE RESP-CODES SASL(PLAIN LOGIN) PIPELINING TOP CAPA
949 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
950 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
951 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
952 | Public Key type: rsa
953 | Public Key bits: 2048
954 | Signature Algorithm: sha256WithRSAEncryption
955 | Not valid before: 2019-11-25T00:00:00
956 | Not valid after: 2020-11-24T23:59:59
957 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
958 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
959 Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
960 OS Info: Service Info: Host: dns1.planetahosting.cl; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
961 Scanning ip 190.96.85.41 (hades41.planetahosting.cl (PTR)):
962 21/tcp open ftp syn-ack ttl 42 Pure-FTPd
963 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
964 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
965 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
966 | Public Key type: rsa
967 | Public Key bits: 2048
968 | Signature Algorithm: sha256WithRSAEncryption
969 | Not valid before: 2019-11-25T00:00:00
970 | Not valid after: 2020-11-24T23:59:59
971 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
972 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
973 |_ssl-date: TLS randomness does not represent time
974 53/tcp open domain syn-ack ttl 42 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
975 | dns-nsid:
976 |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
977 80/tcp open http syn-ack ttl 42 Apache httpd
978 | http-methods:
979 |_ Supported Methods: GET POST OPTIONS HEAD
980 |_http-server-header: Apache
981 |_http-title: Site doesn't have a title (text/html).
982 110/tcp open pop3 syn-ack ttl 42 Dovecot pop3d
983 |_pop3-capabilities: RESP-CODES SASL(PLAIN LOGIN) PIPELINING AUTH-RESP-CODE TOP CAPA STLS USER UIDL
984 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
985 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
986 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
987 | Public Key type: rsa
988 | Public Key bits: 2048
989 | Signature Algorithm: sha256WithRSAEncryption
990 | Not valid before: 2019-11-25T00:00:00
991 | Not valid after: 2020-11-24T23:59:59
992 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
993 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
994 143/tcp open imap syn-ack ttl 42 Dovecot imapd
995 |_imap-capabilities: have ID more IDLE ENABLE capabilities post-login Pre-login SASL-IR IMAP4rev1 STARTTLS AUTH=LOGINA0001 listed LOGIN-REFERRALS NAMESPACE OK AUTH=PLAIN LITERAL+
996 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
997 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
998 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
999 | Public Key type: rsa
1000 | Public Key bits: 2048
1001 | Signature Algorithm: sha256WithRSAEncryption
1002 | Not valid before: 2019-11-25T00:00:00
1003 | Not valid after: 2020-11-24T23:59:59
1004 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
1005 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
1006 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
1007 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
1008 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
1009 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1010 | Public Key type: rsa
1011 | Public Key bits: 2048
1012 | Signature Algorithm: sha256WithRSAEncryption
1013 | Not valid before: 2019-11-25T00:00:00
1014 | Not valid after: 2020-11-24T23:59:59
1015 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
1016 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
1017 465/tcp open ssl/smtp syn-ack ttl 42 Exim smtpd 4.92
1018 |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
1019 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
1020 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
1021 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1022 | Public Key type: rsa
1023 | Public Key bits: 2048
1024 | Signature Algorithm: sha256WithRSAEncryption
1025 | Not valid before: 2019-11-25T00:00:00
1026 | Not valid after: 2020-11-24T23:59:59
1027 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
1028 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
1029 587/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
1030 | smtp-commands: dns1.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1031 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1032 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
1033 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
1034 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1035 | Public Key type: rsa
1036 | Public Key bits: 2048
1037 | Signature Algorithm: sha256WithRSAEncryption
1038 | Not valid before: 2019-11-25T00:00:00
1039 | Not valid after: 2020-11-24T23:59:59
1040 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
1041 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
1042 993/tcp open imaps? syn-ack ttl 42
1043 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
1044 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
1045 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1046 | Public Key type: rsa
1047 | Public Key bits: 2048
1048 | Signature Algorithm: sha256WithRSAEncryption
1049 | Not valid before: 2019-11-25T00:00:00
1050 | Not valid after: 2020-11-24T23:59:59
1051 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
1052 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
1053 995/tcp open pop3s? syn-ack ttl 42
1054 | ssl-cert: Subject: commonName=dns1.planetahosting.cl
1055 | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
1056 | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1057 | Public Key type: rsa
1058 | Public Key bits: 2048
1059 | Signature Algorithm: sha256WithRSAEncryption
1060 | Not valid before: 2019-11-25T00:00:00
1061 | Not valid after: 2020-11-24T23:59:59
1062 | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
1063 |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
1064 OS Info: Service Info: Host: dns1.planetahosting.cl; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
1065 WebCrawling domain's web servers... up to 50 max links.
1066
1067 + URL to crawl: http://dns4.planetahosting.cl
1068 + Date: 2019-12-14
1069
1070 + Crawling URL: http://dns4.planetahosting.cl:
1071 + Links:
1072 + Crawling http://dns4.planetahosting.cl (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
1073 + Searching for directories...
1074 + Searching open folders...
1075
1076
1077 + URL to crawl: https://dns4.planetahosting.cl
1078 + Date: 2019-12-14
1079
1080 + Crawling URL: https://dns4.planetahosting.cl:
1081 + Links:
1082 + Crawling https://dns4.planetahosting.cl
1083 + Searching for directories...
1084 + Searching open folders...
1085
1086
1087 + URL to crawl: http://dns2.planetahosting.cl
1088 + Date: 2019-12-14
1089
1090 + Crawling URL: http://dns2.planetahosting.cl:
1091 + Links:
1092 + Crawling http://dns2.planetahosting.cl (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
1093 + Searching for directories...
1094 + Searching open folders...
1095
1096
1097 + URL to crawl: https://dns2.planetahosting.cl
1098 + Date: 2019-12-14
1099
1100 + Crawling URL: https://dns2.planetahosting.cl:
1101 + Links:
1102 + Crawling https://dns2.planetahosting.cl
1103 + Searching for directories...
1104 + Searching open folders...
1105
1106
1107 + URL to crawl: http://dns1.planetahosting.cl
1108 + Date: 2019-12-14
1109
1110 + Crawling URL: http://dns1.planetahosting.cl:
1111 + Links:
1112 + Crawling http://dns1.planetahosting.cl (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
1113 + Searching for directories...
1114 + Searching open folders...
1115
1116
1117 + URL to crawl: https://dns1.planetahosting.cl
1118 + Date: 2019-12-14
1119
1120 + Crawling URL: https://dns1.planetahosting.cl:
1121 + Links:
1122 + Crawling https://dns1.planetahosting.cl (REDIRECTING TO: /cgi-sys/defaultwebpage.cgi)
1123 + Searching for directories...
1124 + Searching open folders...
1125
1126--Finished--
1127Summary information for domain fundacionpap.cl.
1128-----------------------------------------
1129 Domain Specific Information:
1130 Email: gerencia@fundacionpap.cl
1131 Email: becados@fundacionpap.cl
1132 Email: becados@fundacionpap.cl.
1133
1134 Domain Ips Information:
1135 IP: 201.148.104.74
1136 HostName: dns4.planetahosting.cl Type: NS
1137 Country: Chile
1138 Is Active: True (reset ttl 64)
1139 Port: 21/tcp open ftp syn-ack ttl 42 ProFTPD
1140 Script Info: | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
1141 Script Info: | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
1142 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1143 Script Info: | Public Key type: rsa
1144 Script Info: | Public Key bits: 2048
1145 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1146 Script Info: | Not valid before: 2019-01-28T00:00:00
1147 Script Info: | Not valid after: 2020-01-28T23:59:59
1148 Script Info: | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
1149 Script Info: |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
1150 Script Info: |_ssl-date: 2019-12-14T22:37:56+00:00; 0s from scanner time.
1151 Script Info: | tls-nextprotoneg:
1152 Script Info: |_ ftp
1153 Port: 26/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
1154 Script Info: | smtp-commands: wordplanet118.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
1155 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1156 Script Info: | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
1157 Script Info: | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
1158 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1159 Script Info: | Public Key type: rsa
1160 Script Info: | Public Key bits: 2048
1161 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1162 Script Info: | Not valid before: 2019-01-28T00:00:00
1163 Script Info: | Not valid after: 2020-01-28T23:59:59
1164 Script Info: | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
1165 Script Info: |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
1166 Script Info: |_ssl-date: 2019-12-14T22:37:56+00:00; -1s from scanner time.
1167 Port: 53/tcp open domain syn-ack ttl 42 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1168 Script Info: | dns-nsid:
1169 Script Info: |_ bind.version: 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.3
1170 Port: 80/tcp open http syn-ack ttl 42 Apache httpd
1171 Script Info: | http-methods:
1172 Script Info: |_ Supported Methods: GET POST OPTIONS HEAD
1173 Script Info: | http-robots.txt: 1 disallowed entry
1174 Script Info: |_/
1175 Script Info: |_http-server-header: Apache
1176 Script Info: |_http-title: Site doesn't have a title (text/html).
1177 Port: 110/tcp open pop3 syn-ack ttl 42 Dovecot pop3d
1178 Script Info: |_pop3-capabilities: RESP-CODES CAPA STLS UIDL USER AUTH-RESP-CODE SASL(PLAIN LOGIN) TOP PIPELINING
1179 Script Info: |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
1180 Port: 143/tcp open imap syn-ack ttl 42 Dovecot imapd
1181 Script Info: |_imap-capabilities: have Pre-login capabilities post-login LITERAL+ listed STARTTLS ID more IMAP4rev1 AUTH=PLAIN SASL-IR LOGIN-REFERRALS IDLE OK NAMESPACE ENABLE AUTH=LOGINA0001
1182 Script Info: |_ssl-date: 2019-12-14T22:37:57+00:00; -1s from scanner time.
1183 Port: 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
1184 Script Info: | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
1185 Script Info: | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
1186 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1187 Script Info: | Public Key type: rsa
1188 Script Info: | Public Key bits: 2048
1189 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1190 Script Info: | Not valid before: 2019-01-28T00:00:00
1191 Script Info: | Not valid after: 2020-01-28T23:59:59
1192 Script Info: | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
1193 Script Info: |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
1194 Port: 465/tcp open ssl/smtp syn-ack ttl 42 Exim smtpd 4.92
1195 Script Info: |_smtp-commands: Couldn't establish connection on port 465
1196 Script Info: | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
1197 Script Info: | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
1198 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1199 Script Info: | Public Key type: rsa
1200 Script Info: | Public Key bits: 2048
1201 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1202 Script Info: | Not valid before: 2019-01-28T00:00:00
1203 Script Info: | Not valid after: 2020-01-28T23:59:59
1204 Script Info: | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
1205 Script Info: |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
1206 Script Info: |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
1207 Port: 587/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
1208 Script Info: | smtp-commands: wordplanet118.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, STARTTLS, HELP,
1209 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1210 Script Info: | ssl-cert: Subject: commonName=wordplanet118.planetahosting.cl
1211 Script Info: | Subject Alternative Name: DNS:wordplanet118.planetahosting.cl, DNS:www.wordplanet118.planetahosting.cl
1212 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
1213 Script Info: | Public Key type: rsa
1214 Script Info: | Public Key bits: 2048
1215 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1216 Script Info: | Not valid before: 2019-01-28T00:00:00
1217 Script Info: | Not valid after: 2020-01-28T23:59:59
1218 Script Info: | MD5: 3536 bd69 5969 c4d6 5ad8 359b 137a 38c1
1219 Script Info: |_SHA-1: 3005 d0e6 f362 a53d a7c8 14f1 f353 fe0d efa1 fbeb
1220 Script Info: |_ssl-date: 2019-12-14T22:37:57+00:00; -1s from scanner time.
1221 Port: 993/tcp open ssl/imaps? syn-ack ttl 42
1222 Script Info: |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
1223 Port: 995/tcp open ssl/pop3s? syn-ack ttl 42
1224 Script Info: |_ssl-date: 2019-12-14T22:37:55+00:00; -1s from scanner time.
1225 Port: 3306/tcp open mysql syn-ack ttl 42 MySQL 5.6.45
1226 Script Info: | mysql-info:
1227 Script Info: | Protocol: 10
1228 Script Info: | Version: 5.6.45
1229 Script Info: | Thread ID: 1161604
1230 Script Info: | Capabilities flags: 63487
1231 Script Info: | Some Capabilities: IgnoreSigpipes, ODBCClient, FoundRows, Support41Auth, Speaks41ProtocolOld, SupportsLoadDataLocal, DontAllowDatabaseTableColumn, LongColumnFlag, ConnectWithDatabase, LongPassword, IgnoreSpaceBeforeParenthesis, InteractiveClient, Speaks41ProtocolNew, SupportsCompression, SupportsTransactions, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
1232 Script Info: | Status: Autocommit
1233 Script Info: | Salt: [wg|[4/.8pKgBVh)1XLP
1234 Script Info: |_ Auth Plugin Name: mysql_native_password
1235 Port: 8888/tcp open sun-answerbook? syn-ack ttl 42
1236 Script Info: | fingerprint-strings:
1237 Script Info: | GetRequest, HTTPOptions:
1238 Script Info: | HTTP/1.1 403 OK
1239 Script Info: | Content-type: text/html
1240 Script Info: | <!-- Bloqueo IP Planeta 23/05/2018 -->
1241 Script Info: | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
1242 Script Info: | <html xmlns="http://www.w3.org/1999/xhtml">
1243 Script Info: | <head>
1244 Script Info: | <title>IP Bloqueada</title>
1245 Script Info: | <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
1246 Script Info: | <meta name="robots" content="noindex">
1247 Script Info: | <meta name="googlebot" content="noindex" />
1248 Script Info: | <link href="http://fonts.googleapis.com/css?family=Open+Sans:300,600,700" rel="stylesheet" type="text/css"/>
1249 Script Info: | <style type="text/css">
1250 Script Info: | body {background-color: #0e1f28;}
1251 Script Info: | .content{height: auto;width: 980px;margin: auto;}
1252 Script Info: | .columnas, .columnas2, .ip, .pdf-boton, .columnas_tit {font-family: "Open Sans", "Helvetica Neue", Helvetica, Arial, "sans-serif"; height: auto; float: left;font-weight:300;}
1253 Script Info: |_ .ip{width: 100%;font-weight: 400;font-size: 20px;line-heig
1254 Os Info: Host: wordplanet118.planetahosting.cl; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
1255 IP: 201.148.104.123
1256 HostName: fundacionpap.cl Type: MX
1257 HostName: phis104123.dedicados.cl Type: PTR
 HostName: www.fundacionpap.cl. Type: A
 HostName: ftp.fundacionpap.cl. Type: A
 HostName: mail.fundacionpap.cl. Type: A
 Country: Chile
 Is Active: True (reset ttl 64)
 IP: 201.148.104.118
 HostName: dns3.planetahosting.cl Type: NS
 HostName: wordplanet118.planetahosting.cl Type: PTR
 Country: Chile
 Is Active: True (reset ttl 64)
 IP: 190.96.85.40
 HostName: dns2.planetahosting.cl Type: NS
 HostName: zeus40.planetahosting.cl Type: PTR
 Country: Chile
 Is Active: True (reset ttl 64)
 Port: 21/tcp open ftp syn-ack ttl 42 Pure-FTPd
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Script Info: |_ssl-date: TLS randomness does not represent time
 Port: 53/tcp open domain syn-ack ttl 42 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
 Script Info: | dns-nsid:
 Script Info: |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
 Port: 80/tcp open http syn-ack ttl 42 Apache httpd
 Script Info: | http-methods:
 Script Info: |_ Supported Methods: GET POST OPTIONS HEAD
 Script Info: |_http-server-header: Apache
 Script Info: |_http-title: Site doesn't have a title (text/html).
 Port: 110/tcp open pop3 syn-ack ttl 42 Dovecot pop3d
 Script Info: |_pop3-capabilities: CAPA TOP USER AUTH-RESP-CODE RESP-CODES SASL(PLAIN LOGIN) UIDL STLS PIPELINING
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 143/tcp open imap syn-ack ttl 42 Dovecot imapd
 Script Info: |_imap-capabilities: post-login ENABLE IDLE Pre-login NAMESPACE LOGIN-REFERRALS SASL-IR IMAP4rev1 capabilities AUTH=LOGINA0001 OK STARTTLS more AUTH=PLAIN have ID LITERAL+ listed
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
 Script Info: | http-methods:
 Script Info: |_ Supported Methods: GET POST OPTIONS HEAD
 Script Info: |_http-server-header: Apache
 Script Info: |_http-title: Site doesn't have a title (text/html).
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 465/tcp open ssl/smtp syn-ack ttl 42 Exim smtpd 4.92
 Script Info: | smtp-commands: dns1.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
 Script Info: |_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 587/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
 Script Info: | smtp-commands: dns1.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 993/tcp open imaps? syn-ack ttl 42
 Script Info: |_imap-capabilities: post-login ENABLE IDLE Pre-login NAMESPACE LOGIN-REFERRALS SASL-IR IMAP4rev1 capabilities AUTH=LOGINA0001 OK more AUTH=PLAIN LITERAL+ ID have listed
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 995/tcp open pop3s? syn-ack ttl 42
 Script Info: |_pop3-capabilities: UIDL USER AUTH-RESP-CODE RESP-CODES SASL(PLAIN LOGIN) PIPELINING TOP CAPA
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%)
 Os Info: Host: dns1.planetahosting.cl; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7
 IP: 190.96.85.41
 HostName: dns1.planetahosting.cl Type: NS
 HostName: hades41.planetahosting.cl Type: PTR
 Country: Chile
 Is Active: True (reset ttl 64)
 Port: 21/tcp open ftp syn-ack ttl 42 Pure-FTPd
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Script Info: |_ssl-date: TLS randomness does not represent time
 Port: 53/tcp open domain syn-ack ttl 42 ISC BIND 9.11.4-P2 (RedHat Enterprise Linux 7)
 Script Info: | dns-nsid:
 Script Info: |_ bind.version: 9.11.4-P2-RedHat-9.11.4-9.P2.el7
 Port: 80/tcp open http syn-ack ttl 42 Apache httpd
 Script Info: | http-methods:
 Script Info: |_ Supported Methods: GET POST OPTIONS HEAD
 Script Info: |_http-server-header: Apache
 Script Info: |_http-title: Site doesn't have a title (text/html).
 Port: 110/tcp open pop3 syn-ack ttl 42 Dovecot pop3d
 Script Info: |_pop3-capabilities: RESP-CODES SASL(PLAIN LOGIN) PIPELINING AUTH-RESP-CODE TOP CAPA STLS USER UIDL
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 143/tcp open imap syn-ack ttl 42 Dovecot imapd
 Script Info: |_imap-capabilities: have ID more IDLE ENABLE capabilities post-login Pre-login SASL-IR IMAP4rev1 STARTTLS AUTH=LOGINA0001 listed LOGIN-REFERRALS NAMESPACE OK AUTH=PLAIN LITERAL+
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 443/tcp open ssl/http syn-ack ttl 42 Apache httpd
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 465/tcp open ssl/smtp syn-ack ttl 42 Exim smtpd 4.92
 Script Info: |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 587/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
 Script Info: | smtp-commands: dns1.planetahosting.cl Hello nmap.scanme.org [45.132.192.37], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 993/tcp open imaps? syn-ack ttl 42
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Port: 995/tcp open pop3s? syn-ack ttl 42
 Script Info: | ssl-cert: Subject: commonName=dns1.planetahosting.cl
 Script Info: | Subject Alternative Name: DNS:dns1.planetahosting.cl, DNS:www.dns1.planetahosting.cl
 Script Info: | Issuer: commonName=cPanel, Inc. Certification Authority/organizationName=cPanel, Inc./stateOrProvinceName=TX/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-11-25T00:00:00
 Script Info: | Not valid after: 2020-11-24T23:59:59
 Script Info: | MD5: 860c 9204 7a7d 8985 8067 22ec 67f1 e21c
 Script Info: |_SHA-1: a830 a922 9bc5 2d8d ec3f 7883 ce8b 2bf6 7d0a 483e
 Os Info: Host: dns1.planetahosting.cl; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:7

--------------End Summary --------------
-----------------------------------------
#######################################################################################################################################
traceroute to www.fundacionpap.cl (201.148.104.123), 30 hops max, 60 byte packets
 1 10.218.200.1 (10.218.200.1) 145.138 ms 145.113 ms 145.096 ms
 2 * * *
 3 te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49) 150.338 ms 150.322 ms 150.308 ms
 4 be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249) 150.140 ms 150.143 ms 150.124 ms
 5 be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194) 155.443 ms 155.181 ms 155.181 ms
 6 be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226) 155.524 ms 153.174 ms be3377.ccr21.sto01.atlas.cogentco.com (154.54.36.90) 153.189 ms
 7 ae-11.edge4.Stockholm2.Level3.net (4.68.106.129) 153.420 ms ae-10.edge4.Stockholm2.Level3.net (4.68.106.125) 156.368 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129) 156.926 ms
 8 * * *
 9 GTD-INTERNE.ear3.Miami2.Level3.net (4.15.156.162) 297.028 ms 297.559 ms 297.822 ms
10 scl1.ae2.100.mia1.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.131) 389.630 ms 389.646 ms 470.673 ms
#######################################################################################################################################
----- fundacionpap.cl -----


Host's addresses:
__________________

fundacionpap.cl. 13100 IN A 201.148.104.123


Name Servers:
______________

dns1.planetahosting.cl. 2767 IN A 190.96.85.41
dns2.planetahosting.cl. 2957 IN A 190.96.85.40
dns3.planetahosting.cl. 2957 IN A 201.148.104.118
dns4.planetahosting.cl. 2957 IN A 201.148.104.74


Mail (MX) Servers:
___________________

fundacionpap.cl. 13099 IN A 201.148.104.123



Scraping fundacionpap.cl subdomains from Google:
_________________________________________________


 ---- Google search page: 1 ----


 ---- Google search page: 2 ----



Google Results:
________________

 perhaps Google is blocking our queries.
 Check manually.


Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

ftp.fundacionpap.cl. 13425 IN A 201.148.104.123
mail.fundacionpap.cl. 13410 IN CNAME fundacionpap.cl.
fundacionpap.cl. 13410 IN A 201.148.104.123
www.fundacionpap.cl. 12977 IN CNAME fundacionpap.cl.
fundacionpap.cl. 12977 IN A 201.148.104.123


Launching Whois Queries:
_________________________

 whois ip result: 201.148.104.0 -> 201.148.104.0/22


fundacionpap.cl_______________

 201.148.104.0/22

#######################################################################################################################################
WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 17:44 EST
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up (0.40s latency).
Not shown: 479 filtered ports, 5 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
21/tcp open ftp
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
3306/tcp open mysql
8888/tcp open sun-answerbook
8889/tcp open ddi-tcp-2

Nmap done: 1 IP address (1 host up) scanned in 12.45 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 17:44 EST
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up (0.36s latency).
Not shown: 2 filtered ports, 1 closed port
PORT STATE SERVICE
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 4.91 seconds
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 17:44 EST
NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
NSE: [ftp-brute] usernames: Time limit 10m00s exceeded.
NSE: [ftp-brute] passwords: Time limit 10m00s exceeded.
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up (0.41s latency).

PORT STATE SERVICE VERSION
21/tcp open ftp Pure-FTPd
| ftp-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 6035 guesses in 610 seconds, average tps: 9.7
| vulscan: VulDB - https://vuldb.com:
| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| No findings
|
| Exploit-DB - https://www.exploit-db.com:
| No findings
|
| OpenVAS (Nessus) - http://www.openvas.org:
| No findings
|
| SecurityTracker - https://www.securitytracker.com:
| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
|
| OSVDB - http://www.osvdb.org:
| No findings
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (89%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 - 3.16 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 16 hops

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 149.86 ms 10.218.200.1
2 ...
3 151.07 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 151.04 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 155.95 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 156.35 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
7 159.53 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
8 ...
9 291.78 ms GTD-INTERNE.ear3.Miami2.Level3.net (4.15.156.162)
10 384.74 ms scl1.ae2.100.mia1.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.131)
11 ... 15
16 440.67 ms phis104123.dedicados.cl (201.148.104.123)
######################################################################################################################################
HTTP/1.1 200 OK
Date: Sat, 14 Dec 2019 22:56:27 GMT
Server: Apache
Last-Modified: Tue, 07 Aug 2018 09:12:42 GMT
Accept-Ranges: bytes
Content-Length: 163
Content-Type: text/html

Allow: GET,POST,OPTIONS,HEAD
#######################################################################################################################################
http://201.148.104.123 [200 OK] Apache, Country[CHILE][CL], HTTPServer[Apache], IP[201.148.104.123], Meta-Refresh-Redirect[/cgi-sys/defaultwebpage.cgi]
http://201.148.104.123/cgi-sys/defaultwebpage.cgi [200 OK] Apache, Country[CHILE][CL], HTTPServer[Apache], IP[201.148.104.123], Title[Suspendido]
#######################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://201.148.104.123...
_____________________ SITE INFO _____________________
IP Title
201.148.104.123

______________________ VERSION ______________________
Name Versions Type
Apache Platform

____________________ INTERESTING ____________________
URL Note Type
/robots.txt robots.txt index Interesting

_____________________________________________________
Time: 68.0 sec Urls: 601 Fingerprints: 40401
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 17:58 EST
NSE: Loaded 163 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 17:58
Completed NSE at 17:58, 0.00s elapsed
Initiating NSE at 17:58
Completed NSE at 17:58, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 17:58
Completed Parallel DNS resolution of 1 host. at 17:58, 0.02s elapsed
Initiating SYN Stealth Scan at 17:58
Scanning phis104123.dedicados.cl (201.148.104.123) [1 port]
Discovered open port 80/tcp on 201.148.104.123
Completed SYN Stealth Scan at 17:58, 0.48s elapsed (1 total ports)
Initiating Service scan at 17:58
Scanning 1 service on phis104123.dedicados.cl (201.148.104.123)
Completed Service scan at 17:58, 6.96s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against phis104123.dedicados.cl (201.148.104.123)
Retrying OS detection (try #2) against phis104123.dedicados.cl (201.148.104.123)
Initiating Traceroute at 17:58
Completed Traceroute at 17:58, 3.17s elapsed
Initiating Parallel DNS resolution of 9 hosts. at 17:58
Completed Parallel DNS resolution of 9 hosts. at 17:58, 0.44s elapsed
NSE: Script scanning 201.148.104.123.
Initiating NSE at 17:58
Completed NSE at 18:00, 128.95s elapsed
Initiating NSE at 18:00
Completed NSE at 18:00, 1.96s elapsed
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up (0.41s latency).

PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1167.38ms; min: 1107.21ms; max: 1202.36ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-date: Sat, 14 Dec 2019 22:58:30 GMT; -2s from local time.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
|_http-errors: Couldn't find any error pages.
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-headers:
| Date: Sat, 14 Dec 2019 22:58:41 GMT
| Server: Apache
| Last-Modified: Tue, 07 Aug 2018 09:12:42 GMT
| Accept-Ranges: bytes
| Content-Length: 163
| Connection: close
| Content-Type: text/html
|
|_ (Request type: HEAD)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
| http-methods:
|_ Supported Methods: GET POST OPTIONS HEAD
|_http-mobileversion-checker: No mobile version detected.
| http-php-version: Logo query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
|_Credits query returned unknown hash f1fb042c62910c34be16ad91cbbd71fa
| http-robots.txt: 1 disallowed entry
|_/
|_http-security-headers:
|_http-server-header: Apache
| http-sitemap-generator:
| Directory structure:
| /
| Other: 1
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_ Other: 1
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: Site doesn't have a title (text/html).
| http-vhosts:
|_127 names had status 200
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
1855| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
1856| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1857| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
1858| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
1859| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
1860| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
1861| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
1862| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
1863| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
1864| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
1865| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
1866| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
1867| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
1868| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
1869| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
1870| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
1871| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
1872| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
1873| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
1874| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
1875| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
1876| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
1877| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
1878| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
1879| [136370] Apache Fineract up to 1.2.x sql injection
1880| [136369] Apache Fineract up to 1.2.x sql injection
1881| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
1882| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
1883| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
1884| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
1885| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
1886| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
1887| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
1888| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
1889| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
1890| [134416] Apache Sanselan 0.97-incubator Loop denial of service
1891| [134415] Apache Sanselan 0.97-incubator Hang denial of service
1892| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
1893| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
1894| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1895| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1896| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
1897| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
1898| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
1899| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
1900| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
1901| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
1902| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
1903| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
1904| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
1905| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
1906| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
1907| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
1908| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
1909| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
1910| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
1911| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
1912| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
1913| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
1914| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
1915| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
1916| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
1917| [131859] Apache Hadoop up to 2.9.1 privilege escalation
1918| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
1919| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
1920| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
1921| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
1922| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
1923| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
1924| [130629] Apache Guacamole Cookie Flag weak encryption
1925| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
1926| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
1927| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
1928| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
1929| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
1930| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
1931| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
1932| [130123] Apache Airflow up to 1.8.2 information disclosure
1933| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
1934| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
1935| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
1936| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
1937| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1938| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1939| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1940| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
1941| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
1942| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
1943| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
1944| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
1945| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
1946| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
1947| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
1948| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
1949| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
1950| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
1951| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1952| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
1953| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1954| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
1955| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
1956| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
1957| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
1958| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
1959| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
1960| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
1961| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
1962| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
1963| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
1964| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
1965| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
1966| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
1967| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
1968| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
1969| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
1970| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
1971| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
1972| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
1973| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
1974| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
1975| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
1976| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
1977| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
1978| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
1979| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
1980| [127007] Apache Spark Request Code Execution
1981| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
1982| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
1983| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
1984| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
1985| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
1986| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
1987| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
1988| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
1989| [126346] Apache Tomcat Path privilege escalation
1990| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
1991| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
1992| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
1993| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
1994| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
1995| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
1996| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
1997| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
1998| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
1999| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
2000| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
2001| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
2002| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
2003| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
2004| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
2005| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
2006| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
2007| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
2008| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
2009| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
2010| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
2011| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
2012| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
2013| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
2014| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
2015| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
2016| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
2017| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
2018| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
2019| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
2020| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
2021| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
2022| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
2023| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
2024| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
2025| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
2026| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
2027| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
2028| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
2029| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
2030| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
2031| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
2032| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
2033| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
2034| [123197] Apache Sentry up to 2.0.0 privilege escalation
2035| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
2036| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
2037| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
2038| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
2039| [122800] Apache Spark 1.3.0 REST API weak authentication
2040| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
2041| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
2042| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
2043| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
2044| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
2045| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
2046| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
2047| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
2048| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
2049| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
2050| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
2051| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
2052| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
2053| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
2054| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
2055| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
2056| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
2057| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
2058| [121354] Apache CouchDB HTTP API Code Execution
2059| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
2060| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
2061| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
2062| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
2063| [120168] Apache CXF weak authentication
2064| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
2065| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
2066| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
2067| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
2068| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
2069| [119306] Apache MXNet Network Interface privilege escalation
2070| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
2071| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
2072| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
2073| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
2074| [118143] Apache NiFi activemq-client Library Deserialization denial of service
2075| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
2076| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
2077| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
2078| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
2079| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
2080| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
2081| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
2082| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
2083| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
2084| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
2085| [117115] Apache Tika up to 1.17 tika-server command injection
2086| [116929] Apache Fineract getReportType Parameter privilege escalation
2087| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
2088| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
2089| [116926] Apache Fineract REST Parameter privilege escalation
2090| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
2091| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
2092| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
2093| [115883] Apache Hive up to 2.3.2 privilege escalation
2094| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
2095| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
2096| [115518] Apache Ignite 2.3 Deserialization privilege escalation
2097| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
2098| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
2099| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
2100| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
2101| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
2102| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
2103| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
2104| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
2105| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
2106| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
2107| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
2108| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
2109| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
2110| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
2111| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
2112| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
2113| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
2114| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
2115| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
2116| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
2117| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
2118| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
2119| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
2120| [113895] Apache Geode up to 1.3.x Code Execution
2121| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
2122| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
2123| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
2124| [113747] Apache Tomcat Servlets privilege escalation
2125| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
2126| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
2127| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
2128| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
2129| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
2130| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
2131| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
2132| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
2133| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
2134| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
2135| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
2136| [112885] Apache Allura up to 1.8.0 File information disclosure
2137| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
2138| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
2139| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
2140| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
2141| [112625] Apache POI up to 3.16 Loop denial of service
2142| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
2143| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
2144| [112339] Apache NiFi 1.5.0 Header privilege escalation
2145| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
2146| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
2147| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
2148| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
2149| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
2150| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
2151| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
2152| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
2153| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
2154| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
2155| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
2156| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
2157| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
2158| [112114] Oracle 9.1 Apache Log4j privilege escalation
2159| [112113] Oracle 9.1 Apache Log4j privilege escalation
2160| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
2161| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
2162| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
2163| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
2164| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
2165| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
2166| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
2167| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
2168| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
2169| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
2170| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
2171| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
2172| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
2173| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
2174| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
2175| [110701] Apache Fineract Query Parameter sql injection
2176| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
2177| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
2178| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
2179| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
2180| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
2181| [110106] Apache CXF Fediz Spring cross site request forgery
2182| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
2183| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
2184| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
2185| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
2186| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
2187| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
2188| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
2189| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
2190| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
2191| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
2192| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
2193| [108938] Apple macOS up to 10.13.1 apache denial of service
2194| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
2195| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
2196| [108935] Apple macOS up to 10.13.1 apache denial of service
2197| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
2198| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
2199| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
2200| [108931] Apple macOS up to 10.13.1 apache denial of service
2201| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
2202| [108929] Apple macOS up to 10.13.1 apache denial of service
2203| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
2204| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
2205| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
2206| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
2207| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
2208| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
2209| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
2210| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
2211| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
2212| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
2213| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
2214| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
2215| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
2216| [108782] Apache Xerces2 XML Service denial of service
2217| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
2218| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
2219| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
2220| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
2221| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
2222| [108629] Apache OFBiz up to 10.04.01 privilege escalation
2223| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
2224| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
2225| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
2226| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
2227| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
2228| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
2229| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
2230| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
2231| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
2232| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
2233| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
2234| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
2235| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
2236| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
2237| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
2238| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
2239| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
2240| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2241| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
2242| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
2243| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
2244| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
2245| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
2246| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
2247| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
2248| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
2249| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
2250| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
2251| [107639] Apache NiFi 1.4.0 XML External Entity
2252| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
2253| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
2254| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
2255| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
2256| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
2257| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
2258| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
2259| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
2260| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
2261| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
2262| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
2263| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2264| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
2265| [107197] Apache Xerces Jelly Parser XML File XML External Entity
2266| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
2267| [107084] Apache Struts up to 2.3.19 cross site scripting
2268| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
2269| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
2270| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
2271| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
2272| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
2273| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
2274| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
2275| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
2276| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
2277| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
2278| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
2279| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
2280| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2281| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
2282| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
2283| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
2284| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
2285| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
2286| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
2287| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
2288| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
2289| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
2290| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
2291| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
2292| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
2293| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
2294| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
2295| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
2296| [105878] Apache Struts up to 2.3.24.0 privilege escalation
2297| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
2298| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
2299| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
2300| [105643] Apache Pony Mail up to 0.8b weak authentication
2301| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
2302| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
2303| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
2304| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
2305| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
2306| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
2307| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
2308| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
2309| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
2310| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
2311| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
2312| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
2313| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
2314| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
2315| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
2316| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
2317| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
2318| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
2319| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
2320| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
2321| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
2322| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
2323| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
2324| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
2325| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
2326| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
2327| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
2328| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
2329| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
2330| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
2331| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
2332| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
2333| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
2334| [103690] Apache OpenMeetings 1.0.0 sql injection
2335| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
2336| [103688] Apache OpenMeetings 1.0.0 weak encryption
2337| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
2338| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
2339| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
2340| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
2341| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
2342| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
2343| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
2344| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
2345| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
2346| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
2347| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
2348| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
2349| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
2350| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
2351| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
2352| [103352] Apache Solr Node weak authentication
2353| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
2354| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
2355| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
2356| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
2357| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
2358| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
2359| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
2360| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
2361| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
2362| [102536] Apache Ranger up to 0.6 Stored cross site scripting
2363| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
2364| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
2365| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
2366| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
2367| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
2368| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
2369| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
2370| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
2371| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
2372| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
2373| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
2374| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
2375| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
2376| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
2377| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
2378| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
2379| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
2380| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
2381| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
2382| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
2383| [99937] Apache Batik up to 1.8 privilege escalation
2384| [99936] Apache FOP up to 2.1 privilege escalation
2385| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
2386| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
2387| [99930] Apache Traffic Server up to 6.2.0 denial of service
2388| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
2389| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
2390| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
2391| [117569] Apache Hadoop up to 2.7.3 privilege escalation
2392| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
2393| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
2394| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
2395| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
2396| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
2397| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
2398| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
2399| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
2400| [99014] Apache Camel Jackson/JacksonXML privilege escalation
2401| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2402| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
2403| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
2404| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
2405| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
2406| [98605] Apple macOS up to 10.12.3 Apache denial of service
2407| [98604] Apple macOS up to 10.12.3 Apache denial of service
2408| [98603] Apple macOS up to 10.12.3 Apache denial of service
2409| [98602] Apple macOS up to 10.12.3 Apache denial of service
2410| [98601] Apple macOS up to 10.12.3 Apache denial of service
2411| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
2412| [98405] Apache Hadoop up to 0.23.10 privilege escalation
2413| [98199] Apache Camel Validation XML External Entity
2414| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
2415| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
2416| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
2417| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
2418| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
2419| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
2420| [97081] Apache Tomcat HTTPS Request denial of service
2421| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
2422| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
2423| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
2424| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
2425| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
2426| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
2427| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
2428| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
2429| [95311] Apache Storm UI Daemon privilege escalation
2430| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
2431| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
2432| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
2433| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
2434| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
2435| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
2436| [94540] Apache Tika 1.9 tika-server File information disclosure
2437| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
2438| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
2439| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
2440| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
2441| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
2442| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
2443| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2444| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
2445| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
2446| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
2447| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
2448| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
2449| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
2450| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
2451| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2452| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
2453| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
2454| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
2455| [93532] Apache Commons Collections Library Java privilege escalation
2456| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
2457| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
2458| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
2459| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
2460| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
2461| [93098] Apache Commons FileUpload privilege escalation
2462| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
2463| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
2464| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
2465| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
2466| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
2467| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
2468| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
2469| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
2470| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
2471| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
2472| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
2473| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
2474| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
2475| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
2476| [92549] Apache Tomcat on Red Hat privilege escalation
2477| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
2478| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
2479| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
2480| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
2481| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
2482| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
2483| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
2484| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
2485| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
2486| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
2487| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
2488| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
2489| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
2490| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
2491| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
2492| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2493| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2494| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2495| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2496| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2497| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2498| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2499| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2500| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
2501| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
2502| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
2503| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
2504| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
2505| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
2506| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
2507| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
2508| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2509| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2510| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2511| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
2512| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
2513| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
2514| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
2515| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
2516| [90263] Apache Archiva Header denial of service
2517| [90262] Apache Archiva Deserialize privilege escalation
2518| [90261] Apache Archiva XML DTD Connection privilege escalation
2519| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
2520| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
2521| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
2522| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
2523| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2524| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
2525| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
2526| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
2527| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
2528| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
2529| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
2530| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
2531| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
2532| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
2533| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
2534| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
2535| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
2536| [87765] Apache James Server 2.3.2 Command privilege escalation
2537| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
2538| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
2539| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
2540| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
2541| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
2942| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
2943| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
2944| [59850] Apache Geronimo up to 2.2.1 denial of service
2945| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
2946| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
2947| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
2948| [58413] Apache Tomcat up to 6.0.10 spoofing
2949| [58381] Apache Wicket up to 1.4.17 cross site scripting
2950| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
2951| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
2952| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
2953| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
2954| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2955| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
2956| [57568] Apache Archiva up to 1.3.4 cross site scripting
2957| [57567] Apache Archiva up to 1.3.4 cross site request forgery
2958| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
2959| [4355] Apache HTTP Server APR apr_fnmatch denial of service
2960| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
2961| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
3188| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
3189| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
3190| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
3191| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
3192| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
3193| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
3194| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
3195| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
3196| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
3197| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
3198| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
3199| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
3200| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
3201| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
3202| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
3203| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
3204| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
3205| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
3206| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
3207| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
3208| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
3209| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
3210| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
3211| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
3212| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
3213| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
3214| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
3215| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
3216| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
3217| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
3218| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
3219| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
3220| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
3221| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
3222| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
3223| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
3224| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
3225| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
3226| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
3227| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
3228| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
3229| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
3230| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
3231| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
3232| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
3233| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3234| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
3235| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
3236| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
3237| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
3238| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
3239| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
3240| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
3241| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
3242| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
3243| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
3244| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
3245| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
3246| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
3247| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
3248| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
3249| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
3250| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
3251| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
3252| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
3253| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
3254| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3255| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3256| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3257| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3258| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3259| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3260| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3261| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3262| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3263| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3264| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3265| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3266| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3267| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3268| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3269| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3270| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
3362| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3463| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3464| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3465| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
3566| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
3567| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
3568| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
3569| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3570| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
3571| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
3572| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
3573| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
3574| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
3575| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
3576| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
3577| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
3578| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
3579| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
3580| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
3581| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
3582| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
3583| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
3584| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
3585| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
3586| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
3587| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
3588| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
3589| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
3590| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
3591| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
3592| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
3593| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
3594| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
3595| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
3596| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3597| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
3598| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
3599| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
3600| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
3601| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
3602| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
3603| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
3604| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
3605| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
3606| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
3607| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
3608| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
3609| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
3610| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
3611| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
3612| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
3613| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
3614| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
3615| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
3616| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
3617| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
3618| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
3619| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
3620| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
3621| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
3622| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
3623| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
3624| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
3625| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
3626| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
3627| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
3628| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
3629| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
3630| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
3631| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
3632| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
3633| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
3634| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
3635| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
3636| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
3637| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
3638| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
3639| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
3640| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
3641| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
3642| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
3643| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
3644| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
3645| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
3646| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
3647| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
3648| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
3649| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
3650| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
3651| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3652| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3653| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3654| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3655| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3656| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3657| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3658| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3659| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3660| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3661| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3662| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3663| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3664| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3665| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3666| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3667| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3668| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3669| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3670| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3671| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3672| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3673| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3674| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3675| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3676| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3677| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3678| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3679| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3680| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3681| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3682| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3683| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3684| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3685| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3686| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3687| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3688| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3689| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3690| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3691| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3692| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3693| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3694| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3695| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3696| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3697| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3698| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3699| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3700| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3701| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3702| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3703| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3704| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3705| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3706| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3707| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3708| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3709| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3710| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3711| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3712| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3713| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3714| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3715| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3716| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3717| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3718|
3719| SecurityFocus - https://www.securityfocus.com/bid/:
3720| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3721| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3722| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3723| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3724| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3725| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3726| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3727| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3728| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3729| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3730| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3731| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3732| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3733| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3734| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3735| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3736| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3737| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3738| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3739| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3740| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3741| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3742| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3743| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3744| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3745| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3746| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3747| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3748| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3749| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3750| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3751| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3752| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3753| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3754| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3755| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3756| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3757| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3758| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3759| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3760| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3761| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3762| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3763| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3764| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3765| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3766| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3767| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3768| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3769| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3770| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3771| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3772| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3773| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3774| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3775| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3776| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3777| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3778| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3779| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3780| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3781| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3782| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3783| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3784| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3785| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3786| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3787| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3788| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3789| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3790| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3791| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3792| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3793| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3794| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3795| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3796| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3797| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3798| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3799| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3800| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3801| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3802| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3803| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3804| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3805| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3806| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3807| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3808| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3809| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3810| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3811| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3812| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3813| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3814| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3815| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3816| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3817| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3818| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3819| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3820| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3821| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3822| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3823| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3824| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3825| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3826| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3827| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3828| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3829| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3830| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3831| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3832| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3833| [100447] Apache2Triad Multiple Security Vulnerabilities
3834| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3835| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3836| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3837| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3838| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3839| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3840| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3841| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3842| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3843| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3844| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3845| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3846| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3847| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3848| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3849| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3850| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3851| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3852| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3853| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3854| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3855| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3856| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3857| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3858| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3859| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3860| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3861| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3862| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3863| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3864| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3865| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3866| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3867| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3868| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3869| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3870| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3871| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3872| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3873| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3874| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3875| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3876| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3877| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3878| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3879| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3880| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3881| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3882| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3883| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3884| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3885| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3886| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3887| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3888| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3889| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3890| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3891| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3892| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3893| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3894| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3895| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3896| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3897| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3898| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3899| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3900| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3901| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3902| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3903| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3904| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3905| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3906| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3907| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3908| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3909| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3910| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3911| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3912| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3913| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3914| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3915| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3916| [95675] Apache Struts Remote Code Execution Vulnerability
3917| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3918| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3919| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3920| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3921| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3922| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3923| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3924| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3925| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3926| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3927| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3928| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3929| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3930| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3931| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3932| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3933| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3934| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3935| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3936| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3937| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3938| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3939| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3940| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3941| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3942| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3943| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3944| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3945| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3946| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3947| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3948| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3949| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3950| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3951| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3952| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3953| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3954| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3955| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3956| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3957| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3958| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3959| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3960| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3961| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3962| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3963| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3964| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3965| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3966| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3967| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3968| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3969| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3970| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3971| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3972| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3973| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3974| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3975| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3976| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3977| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3978| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3979| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3980| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3981| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3982| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3983| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
4415| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
4416| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
4417| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4418| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
4419| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
4420| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
4421| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
4422| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
4423| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
4424| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
4425| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
4426| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
4427| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
4428| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
4429| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
4430| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
4431| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
4432| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
4433| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
4434| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
4435| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
4436| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
4437| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
4438| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
4439| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
4440| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
4441| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
4442| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
4443| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
4444| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
4445| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
4446| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
4447| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
4448| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
4449| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
4450| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4451| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
4452| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
4453| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
4454| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
4455| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
4456| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
4457| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
4458| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
4459| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
4460| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
4461| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
4462| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
4463| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
4464| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
4465| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
4466| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
4467| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
4468| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
4469| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
4470| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
4471| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
4472| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
4473| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
4474| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
4475| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
4476| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
4477| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
4478| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
4479| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
4480| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
4481| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
4482| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
4483| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
4484| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
4485| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
4486| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
4487| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
4488| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
4489| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
4490| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
4491| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
4492| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
4493| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
4494| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
4495| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
4496| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
4497| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
4498| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
4499| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
4500| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
4501| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
4502| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
4503| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
4504| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
4505| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
4506| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
4507| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
4508| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
4509| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
4510| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
4511| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
4512| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
4513| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
4514| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
4515| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
4516| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
4517| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
4518| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
4519| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
4520| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
4521| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
4522| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
4523| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
4524| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
4525| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
4526| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
4527| [20527] Apache Mod_TCL Remote Format String Vulnerability
4528| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
4529| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
4530| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
4531| [19106] Apache Tomcat Information Disclosure Vulnerability
4532| [18138] Apache James SMTP Denial Of Service Vulnerability
4533| [17342] Apache Struts Multiple Remote Vulnerabilities
4534| [17095] Apache Log4Net Denial Of Service Vulnerability
4535| [16916] Apache mod_python FileSession Code Execution Vulnerability
4536| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
4537| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
4538| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
4539| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
4540| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
4541| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
4542| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
4543| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
4544| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
4545| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
4546| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
4547| [15177] PHP Apache 2 Local Denial of Service Vulnerability
4548| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
4549| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
4550| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
4551| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
4552| [14106] Apache HTTP Request Smuggling Vulnerability
4553| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
4554| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
4555| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
4556| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
4557| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
4558| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
4559| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
4560| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
4561| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
4562| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
4563| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
4564| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
4565| [11471] Apache mod_include Local Buffer Overflow Vulnerability
4566| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
4567| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
4568| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
4569| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
4570| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4571| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
4572| [11094] Apache mod_ssl Denial Of Service Vulnerability
4573| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
4574| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
4575| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
4576| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
4577| [10478] ClueCentral Apache Suexec Patch Security Weakness
4578| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
4579| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
4580| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
4581| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
4582| [9921] Apache Connection Blocking Denial Of Service Vulnerability
4583| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
4584| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
4585| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
4586| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
4587| [9733] Apache Cygwin Directory Traversal Vulnerability
4588| [9599] Apache mod_php Global Variables Information Disclosure Weakness
4589| [9590] Apache-SSL Client Certificate Forging Vulnerability
4590| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
4591| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
4592| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
4593| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
4594| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
4595| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
4596| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
4597| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
4598| [8898] Red Hat Apache Directory Index Default Configuration Error
4599| [8883] Apache Cocoon Directory Traversal Vulnerability
4600| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
4601| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
4602| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
4603| [8707] Apache htpasswd Password Entropy Weakness
4604| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
4605| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
4606| [8226] Apache HTTP Server Multiple Vulnerabilities
4607| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
4608| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
4609| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
4610| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
4611| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
4612| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
4613| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
4614| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
4615| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
4616| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
4617| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
4618| [7255] Apache Web Server File Descriptor Leakage Vulnerability
4619| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4620| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
4621| [6939] Apache Web Server ETag Header Information Disclosure Weakness
4622| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
4623| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
4624| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
4625| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
4626| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
4627| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
4628| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
4629| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
4630| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
4631| [6117] Apache mod_php File Descriptor Leakage Vulnerability
4632| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
4633| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
4634| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
4635| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
4636| [5992] Apache HTDigest Insecure Temporary File Vulnerability
4637| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
4638| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
4639| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
4640| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
4641| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
4642| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
4643| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
4644| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
4645| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
4646| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
4647| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
4648| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
4649| [5485] Apache 2.0 Path Disclosure Vulnerability
4650| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
4651| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
4652| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
4653| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
4654| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
4655| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
4656| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
4657| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
4658| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
4659| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
4660| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
4661| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
4662| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
4663| [4437] Apache Error Message Cross-Site Scripting Vulnerability
4664| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
4665| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
4666| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
4667| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
4668| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
4669| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
4670| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
4671| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4672| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4673| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
4674| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
4675| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
4676| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
4677| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
4678| [3596] Apache Split-Logfile File Append Vulnerability
4679| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
4680| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
4681| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
4682| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
4683| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
4684| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
4685| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
4686| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
4687| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
4688| [3169] Apache Server Address Disclosure Vulnerability
4689| [3009] Apache Possible Directory Index Disclosure Vulnerability
4690| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
4691| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
4692| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4693| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4694| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4695| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4696| [2216] Apache Web Server DoS Vulnerability
4697| [2182] Apache /tmp File Race Vulnerability
4698| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4699| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4700| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4701| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4702| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4703| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4704| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4705| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4706| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4707| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4708| [1457] Apache::ASP source.asp Example Script Vulnerability
4709| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4710| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4711|
4712| IBM X-Force - https://exchange.xforce.ibmcloud.com:
4854| [72345] Apache HTTP Server HTTP request denial of service
4855| [72229] Apache Struts ExceptionDelegator command execution
4856| [72089] Apache Struts ParameterInterceptor directory traversal
4857| [72088] Apache Struts CookieInterceptor command execution
4858| [72047] Apache Geronimo hash denial of service
4859| [72016] Apache Tomcat hash denial of service
4860| [71711] Apache Struts OGNL expression code execution
4861| [71654] Apache Struts interfaces security bypass
4862| [71620] Apache ActiveMQ failover denial of service
4863| [71617] Apache HTTP Server mod_proxy module information disclosure
4864| [71508] Apache MyFaces EL security bypass
4865| [71445] Apache HTTP Server mod_proxy security bypass
4866| [71203] Apache Tomcat servlets privilege escalation
4867| [71181] Apache HTTP Server ap_pregsub() denial of service
4868| [71093] Apache HTTP Server ap_pregsub() buffer overflow
4869| [70336] Apache HTTP Server mod_proxy information disclosure
4870| [69804] Apache HTTP Server mod_proxy_ajp denial of service
4871| [69472] Apache Tomcat AJP security bypass
4872| [69396] Apache HTTP Server ByteRange filter denial of service
4873| [69394] Apache Wicket multi window support cross-site scripting
4874| [69176] Apache Tomcat XML information disclosure
4875| [69161] Apache Tomcat jsvc information disclosure
4876| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
4877| [68541] Apache Tomcat sendfile information disclosure
4878| [68420] Apache XML Security denial of service
4879| [68238] Apache Tomcat JMX information disclosure
4880| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
4881| [67804] Apache Subversion control rules information disclosure
4882| [67803] Apache Subversion control rules denial of service
4883| [67802] Apache Subversion baselined denial of service
4884| [67672] Apache Archiva multiple cross-site scripting
4885| [67671] Apache Archiva multiple cross-site request forgery
4886| [67564] Apache APR apr_fnmatch() denial of service
4887| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
4888| [67515] Apache Tomcat annotations security bypass
4889| [67480] Apache Struts s:submit information disclosure
4890| [67414] Apache APR apr_fnmatch() denial of service
4891| [67356] Apache Struts javatemplates cross-site scripting
4892| [67354] Apache Struts Xwork cross-site scripting
4893| [66676] Apache Tomcat HTTP BIO information disclosure
4894| [66675] Apache Tomcat web.xml security bypass
4895| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
4896| [66241] Apache HttpComponents information disclosure
4897| [66154] Apache Tomcat ServletSecurity security bypass
4898| [65971] Apache Tomcat ServletSecurity security bypass
4899| [65876] Apache Subversion mod_dav_svn denial of service
4900| [65343] Apache Continuum unspecified cross-site scripting
4901| [65162] Apache Tomcat NIO connector denial of service
4902| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
4903| [65160] Apache Tomcat HTML Manager interface cross-site scripting
4904| [65159] Apache Tomcat ServletContect security bypass
4905| [65050] Apache CouchDB web-based administration UI cross-site scripting
4906| [64773] Oracle HTTP Server Apache Plugin unauthorized access
4907| [64473] Apache Subversion blame -g denial of service
4908| [64472] Apache Subversion walk() denial of service
4909| [64407] Apache Axis2 CVE-2010-0219 code execution
4910| [63926] Apache Archiva password privilege escalation
4911| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
4912| [63493] Apache Archiva credentials cross-site request forgery
4913| [63477] Apache Tomcat HttpOnly session hijacking
4914| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
4915| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
4916| [62959] Apache Shiro filters security bypass
4917| [62790] Apache Perl cgi module denial of service
4918| [62576] Apache Qpid exchange denial of service
4919| [62575] Apache Qpid AMQP denial of service
4920| [62354] Apache Qpid SSL denial of service
4921| [62235] Apache APR-util apr_brigade_split_line() denial of service
4922| [62181] Apache XML-RPC SAX Parser information disclosure
4923| [61721] Apache Traffic Server cache poisoning
4924| [61202] Apache Derby BUILTIN authentication functionality information disclosure
4925| [61186] Apache CouchDB Futon cross-site request forgery
4926| [61169] Apache CXF DTD denial of service
4927| [61070] Apache Jackrabbit search.jsp SQL injection
4928| [61006] Apache SLMS Quoting cross-site request forgery
4929| [60962] Apache Tomcat time cross-site scripting
4930| [60883] Apache mod_proxy_http information disclosure
4931| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
4932| [60264] Apache Tomcat Transfer-Encoding denial of service
4933| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
4934| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
4935| [59413] Apache mod_proxy_http timeout information disclosure
4936| [59058] Apache MyFaces unencrypted view state cross-site scripting
4937| [58827] Apache Axis2 xsd file include
4938| [58790] Apache Axis2 modules cross-site scripting
4939| [58299] Apache ActiveMQ queueBrowse cross-site scripting
4940| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
4941| [58056] Apache ActiveMQ .jsp source code disclosure
4942| [58055] Apache Tomcat realm name information disclosure
4943| [58046] Apache HTTP Server mod_auth_shadow security bypass
4944| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
4945| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
4946| [57429] Apache CouchDB algorithms information disclosure
4947| [57398] Apache ActiveMQ Web console cross-site request forgery
4948| [57397] Apache ActiveMQ createDestination.action cross-site scripting
4949| [56653] Apache HTTP Server DNS spoofing
4950| [56652] Apache HTTP Server DNS cross-site scripting
4951| [56625] Apache HTTP Server request header information disclosure
4952| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
4953| [56623] Apache HTTP Server mod_proxy_ajp denial of service
4954| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
4955| [55857] Apache Tomcat WAR files directory traversal
4956| [55856] Apache Tomcat autoDeploy attribute security bypass
4957| [55855] Apache Tomcat WAR directory traversal
4958| [55210] Intuit component for Joomla! Apache information disclosure
4959| [54533] Apache Tomcat 404 error page cross-site scripting
4960| [54182] Apache Tomcat admin default password
4961| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
4962| [53666] Apache HTTP Server Solaris pollset support denial of service
4963| [53650] Apache HTTP Server HTTP basic-auth module security bypass
4964| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
4965| [53041] mod_proxy_ftp module for Apache denial of service
4966| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
4967| [51953] Apache Tomcat Path Disclosure
4968| [51952] Apache Tomcat Path Traversal
4969| [51951] Apache stronghold-status Information Disclosure
4970| [51950] Apache stronghold-info Information Disclosure
4971| [51949] Apache PHP Source Code Disclosure
4972| [51948] Apache Multiviews Attack
4973| [51946] Apache JServ Environment Status Information Disclosure
4974| [51945] Apache error_log Information Disclosure
4975| [51944] Apache Default Installation Page Pattern Found
4976| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
4977| [51942] Apache AXIS XML External Entity File Retrieval
4978| [51941] Apache AXIS Sample Servlet Information Leak
4979| [51940] Apache access_log Information Disclosure
4980| [51626] Apache mod_deflate denial of service
4981| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
4982| [51365] Apache Tomcat RequestDispatcher security bypass
4983| [51273] Apache HTTP Server Incomplete Request denial of service
4984| [51195] Apache Tomcat XML information disclosure
4985| [50994] Apache APR-util xml/apr_xml.c denial of service
4986| [50993] Apache APR-util apr_brigade_vprintf denial of service
4987| [50964] Apache APR-util apr_strmatch_precompile() denial of service
4988| [50930] Apache Tomcat j_security_check information disclosure
4989| [50928] Apache Tomcat AJP denial of service
4990| [50884] Apache HTTP Server XML ENTITY denial of service
4991| [50808] Apache HTTP Server AllowOverride privilege escalation
4992| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
4993| [50059] Apache mod_proxy_ajp information disclosure
4994| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
4995| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
4996| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
4997| [49921] Apache ActiveMQ Web interface cross-site scripting
4998| [49898] Apache Geronimo Services/Repository directory traversal
4999| [49725] Apache Tomcat mod_jk module information disclosure
5000| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
5001| [49712] Apache Struts unspecified cross-site scripting
5002| [49213] Apache Tomcat cal2.jsp cross-site scripting
5003| [48934] Apache Tomcat POST doRead method information disclosure
5004| [48211] Apache Tomcat header HTTP request smuggling
5005| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
5006| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
5007| [47709] Apache Roller "
5008| [47104] Novell Netware ApacheAdmin console security bypass
5009| [47086] Apache HTTP Server OS fingerprinting unspecified
5010| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
5011| [45791] Apache Tomcat RemoteFilterValve security bypass
5012| [44435] Oracle WebLogic Apache Connector buffer overflow
5013| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
5014| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
5015| [44156] Apache Tomcat RequestDispatcher directory traversal
5016| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
5017| [43885] Oracle WebLogic Server Apache Connector buffer overflow
5018| [42987] Apache HTTP Server mod_proxy module denial of service
5019| [42915] Apache Tomcat JSP files path disclosure
5020| [42914] Apache Tomcat MS-DOS path disclosure
5021| [42892] Apache Tomcat unspecified unauthorized access
5022| [42816] Apache Tomcat Host Manager cross-site scripting
5023| [42303] Apache 403 error cross-site scripting
5024| [41618] Apache-SSL ExpandCert() authentication bypass
5025| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
5026| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
5027| [40614] Apache mod_jk2 HTTP Host header buffer overflow
5028| [40562] Apache Geronimo init information disclosure
5029| [40478] Novell Web Manager webadmin-apache.conf security bypass
5030| [40411] Apache Tomcat exception handling information disclosure
5031| [40409] Apache Tomcat native (APR based) connector weak security
5032| [40403] Apache Tomcat quotes and %5C cookie information disclosure
5033| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
5034| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
5035| [39867] Apache HTTP Server mod_negotiation cross-site scripting
5036| [39804] Apache Tomcat SingleSignOn information disclosure
5037| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
5038| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
5039| [39608] Apache HTTP Server balancer manager cross-site request forgery
5040| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
5041| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
5042| [39472] Apache HTTP Server mod_status cross-site scripting
5043| [39201] Apache Tomcat JULI logging weak security
5044| [39158] Apache HTTP Server Windows SMB shares information disclosure
5045| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
5046| [38951] Apache::AuthCAS Perl module cookie SQL injection
5047| [38800] Apache HTTP Server 413 error page cross-site scripting
5048| [38211] Apache Geronimo SQLLoginModule authentication bypass
5049| [37243] Apache Tomcat WebDAV directory traversal
5050| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
5051| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
5052| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
5053| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
5054| [36782] Apache Geronimo MEJB unauthorized access
5055| [36586] Apache HTTP Server UTF-7 cross-site scripting
5056| [36468] Apache Geronimo LoginModule security bypass
5057| [36467] Apache Tomcat functions.jsp cross-site scripting
5058| [36402] Apache Tomcat calendar cross-site request forgery
5059| [36354] Apache HTTP Server mod_proxy module denial of service
5060| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
5061| [36336] Apache Derby lock table privilege escalation
5062| [36335] Apache Derby schema privilege escalation
5063| [36006] Apache Tomcat "
5064| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
5065| [35999] Apache Tomcat \"
5066| [35795] Apache Tomcat CookieExample cross-site scripting
5067| [35536] Apache Tomcat SendMailServlet example cross-site scripting
5068| [35384] Apache HTTP Server mod_cache module denial of service
5069| [35097] Apache HTTP Server mod_status module cross-site scripting
5070| [35095] Apache HTTP Server Prefork MPM module denial of service
5071| [34984] Apache HTTP Server recall_headers information disclosure
5072| [34966] Apache HTTP Server MPM content spoofing
5073| [34965] Apache HTTP Server MPM information disclosure
5074| [34963] Apache HTTP Server MPM multiple denial of service
5075| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
5076| [34869] Apache Tomcat JSP example Web application cross-site scripting
5077| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
5078| [34496] Apache Tomcat JK Connector security bypass
5079| [34377] Apache Tomcat hello.jsp cross-site scripting
5080| [34212] Apache Tomcat SSL configuration security bypass
5081| [34210] Apache Tomcat Accept-Language cross-site scripting
5082| [34209] Apache Tomcat calendar application cross-site scripting
5083| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
5084| [34167] Apache Axis WSDL file path disclosure
5085| [34068] Apache Tomcat AJP connector information disclosure
5086| [33584] Apache HTTP Server suEXEC privilege escalation
5087| [32988] Apache Tomcat proxy module directory traversal
5088| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5089| [32708] Debian Apache tty privilege escalation
5090| [32441] ApacheStats extract() PHP call unspecified
5091| [32128] Apache Tomcat default account
5092| [31680] Apache Tomcat RequestParamExample cross-site scripting
5093| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
5094| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5095| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5096| [30456] Apache mod_auth_kerb off-by-one buffer overflow
5097| [29550] Apache mod_tcl set_var() format string
5098| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5099| [28357] Apache HTTP Server mod_alias script source information disclosure
5100| [28063] Apache mod_rewrite off-by-one buffer overflow
5101| [27902] Apache Tomcat URL information disclosure
5102| [26786] Apache James SMTP server denial of service
5103| [25680] libapache2 /tmp/svn file upload
5104| [25614] Apache Struts lookupMap cross-site scripting
5105| [25613] Apache Struts ActionForm denial of service
5106| [25612] Apache Struts isCancelled() security bypass
5107| [24965] Apache mod_python FileSession command execution
5108| [24716] Apache James spooler memory leak denial of service
5109| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
5110| [24158] Apache Geronimo jsp-examples cross-site scripting
5111| [24030] Apache auth_ldap module multiple format strings
5112| [24008] Apache mod_ssl custom error message denial of service
5113| [24003] Apache mod_auth_pgsql module multiple syslog format strings
5114| [23612] Apache mod_imap referer field cross-site scripting
5115| [23173] Apache Struts error message cross-site scripting
5116| [22942] Apache Tomcat directory listing denial of service
5117| [22858] Apache Multi-Processing Module code allows denial of service
5118| [22602] RHSA-2005:582 updates for Apache httpd not installed
5119| [22520] Apache mod-auth-shadow "
5120| [22466] ApacheTop symlink
5121| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5122| [22006] Apache HTTP Server byte-range filter denial of service
5123| [21567] Apache mod_ssl off-by-one buffer overflow
5124| [21195] Apache HTTP Server header HTTP request smuggling
5125| [20383] Apache HTTP Server htdigest buffer overflow
5126| [19681] Apache Tomcat AJP12 request denial of service
5127| [18993] Apache HTTP server check_forensic symlink attack
5128| [18790] Apache Tomcat Manager cross-site scripting
5129| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5130| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5131| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5132| [17961] Apache Web server ServerTokens has not been set
5133| [17930] Apache HTTP Server HTTP GET request denial of service
5134| [17785] Apache mod_include module buffer overflow
5135| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5136| [17473] Apache HTTP Server Satisfy directive allows access to resources
5137| [17413] Apache htpasswd buffer overflow
5138| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5139| [17382] Apache HTTP Server IPv6 apr_util denial of service
5140| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5141| [17273] Apache HTTP Server speculative mode denial of service
5142| [17200] Apache HTTP Server mod_ssl denial of service
5143| [16890] Apache HTTP Server server-info request has been detected
5144| [16889] Apache HTTP Server server-status request has been detected
5145| [16705] Apache mod_ssl format string attack
5146| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5147| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5148| [16230] Apache HTTP Server PHP denial of service
5149| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
5150| [15958] Apache HTTP Server authentication modules memory corruption
5151| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5152| [15540] Apache HTTP Server socket starvation denial of service
5153| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5154| [15422] Apache HTTP Server mod_access information disclosure
5155| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5156| [15293] Apache for Cygwin "
5157| [15065] Apache-SSL has a default password
5158| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5159| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5160| [14751] Apache Mod_python output filter information disclosure
5161| [14125] Apache HTTP Server mod_userdir module information disclosure
5162| [14075] Apache HTTP Server mod_php file descriptor leak
5163| [13703] Apache HTTP Server account
5164| [13689] Apache HTTP Server configuration allows symlinks
5165| [13688] Apache HTTP Server configuration allows SSI
5166| [13687] Apache HTTP Server Server: header value
5167| [13685] Apache HTTP Server ServerTokens value
5168| [13684] Apache HTTP Server ServerSignature value
5169| [13672] Apache HTTP Server config allows directory autoindexing
5170| [13671] Apache HTTP Server default content
5171| [13670] Apache HTTP Server config file directive references outside content root
5172| [13668] Apache HTTP Server httpd not running in chroot environment
5173| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
5174| [13664] Apache HTTP Server config file contains ScriptAlias entry
5175| [13663] Apache HTTP Server CGI support modules loaded
5176| [13661] Apache HTTP Server config file contains AddHandler entry
5177| [13660] Apache HTTP Server 500 error page not CGI script
5178| [13659] Apache HTTP Server 413 error page not CGI script
5179| [13658] Apache HTTP Server 403 error page not CGI script
5180| [13657] Apache HTTP Server 401 error page not CGI script
5181| [13552] Apache HTTP Server mod_cgid module information disclosure
5182| [13550] Apache GET request directory traversal
5183| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
5184| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
5185| [13429] Apache Tomcat non-HTTP request denial of service
5186| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
5187| [13295] Apache weak password encryption
5188| [13254] Apache Tomcat .jsp cross-site scripting
5189| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
5190| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
5191| [12681] Apache HTTP Server mod_proxy could allow mail relaying
5192| [12662] Apache HTTP Server rotatelogs denial of service
5193| [12554] Apache Tomcat stores password in plain text
5194| [12553] Apache HTTP Server redirects and subrequests denial of service
5195| [12552] Apache HTTP Server FTP proxy server denial of service
5196| [12551] Apache HTTP Server prefork MPM denial of service
5197| [12550] Apache HTTP Server weaker than expected encryption
5198| [12549] Apache HTTP Server type-map file denial of service
5199| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5200| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5201| [12091] Apache HTTP Server apr_password_validate denial of service
5202| [12090] Apache HTTP Server apr_psprintf code execution
5203| [11804] Apache HTTP Server mod_access_referer denial of service
5204| [11750] Apache HTTP Server could leak sensitive file descriptors
5205| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5206| [11703] Apache long slash path allows directory listing
5207| [11695] Apache HTTP Server LF (Line Feed) denial of service
5208| [11694] Apache HTTP Server filestat.c denial of service
5209| [11438] Apache HTTP Server MIME message boundaries information disclosure
5210| [11412] Apache HTTP Server error log terminal escape sequence injection
5211| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5212| [11195] Apache Tomcat web.xml could be used to read files
5213| [11194] Apache Tomcat URL appended with a null character could list directories
5214| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5215| [11126] Apache HTTP Server illegal character file disclosure
5216| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5217| [11124] Apache HTTP Server DOS device name denial of service
5218| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5219| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5220| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5221| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5222| [10499] Apache HTTP Server WebDAV HTTP POST view source
5223| [10457] Apache HTTP Server mod_ssl "
5224| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5225| [10414] Apache HTTP Server htdigest multiple buffer overflows
5226| [10413] Apache HTTP Server htdigest temporary file race condition
5227| [10412] Apache HTTP Server htpasswd temporary file race condition
5228| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5229| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5230| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5231| [10280] Apache HTTP Server shared memory scorecard overwrite
5232| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5233| [10241] Apache HTTP Server Host: header cross-site scripting
5234| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5235| [10208] Apache HTTP Server mod_dav denial of service
5236| [10206] HP VVOS Apache mod_ssl denial of service
5237| [10200] Apache HTTP Server stderr denial of service
5238| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5239| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5240| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5241| [10098] Slapper worm targets OpenSSL/Apache systems
5242| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5243| [9875] Apache HTTP Server .var file request could disclose installation path
5244| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5245| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5246| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5247| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5248| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5249| [9396] Apache Tomcat null character to threads denial of service
5250| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5251| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5252| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5253| [8932] Apache Tomcat example class information disclosure
5254| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5255| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5256| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5257| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5258| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5259| [8400] Apache HTTP Server mod_frontpage buffer overflows
5260| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5261| [8308] Apache "
5262| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5263| [8119] Apache and PHP OPTIONS request reveals "
5264| [8054] Apache is running on the system
5265| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5266| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
6129| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
6130| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
6131| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
6132| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
6133| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
6134| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
6135| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
6136| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
6137| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
6138| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
6139| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
6140| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
6141| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
6142| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
6143| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
6144| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
6145| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
6146| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
6147| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
6148| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
6149| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
6150| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
6151| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
6152| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
6153| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
6154| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
6155| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
6156| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
6157| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
6158| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
6159| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
6160| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
6161| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
6162| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
6163| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
6164| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
6165| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
6166| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
6167| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
6168| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
6169| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
6170| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
6171| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
6172| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
6173| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
6174| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
6175| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
6176| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
6177| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
6178| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
6179| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
6180| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
6181| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
6182| [86901] Apache Tomcat Error Message Path Disclosure
6183| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
6184| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
6185| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
6186| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
6187| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
6188| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
6189| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
6190| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
6191| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
6192| [85430] Apache mod_pagespeed Module Unspecified XSS
6193| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
6194| [85249] Apache Wicket Unspecified XSS
6195| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
6196| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
6197| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
6198| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
6199| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
6200| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
6201| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
6202| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
6203| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
6204| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
6205| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
6206| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
6207| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
6208| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
6209| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
6210| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
6211| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
6212| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
6213| [83339] Apache Roller Blogger Roll Unspecified XSS
6214| [83270] Apache Roller Unspecified Admin Action CSRF
6215| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
6216| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
6217| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
6218| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
6219| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
6220| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
6221| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
6222| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
6223| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
6224| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
6225| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
6226| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
6227| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
6228| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
6229| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
6230| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
6231| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
6232| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
6233| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
6234| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
6235| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
6236| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
6237| [80300] Apache Wicket wicket:pageMapName Parameter XSS
6238| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
6239| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
6240| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
6241| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
6242| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
6243| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
6244| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
6245| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
6246| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
6247| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
6248| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
6249| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
6250| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
6251| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
6252| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
6253| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
6254| [78331] Apache Tomcat Request Object Recycling Information Disclosure
6255| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
6256| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
6257| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
6258| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
6259| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
6260| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
6261| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
6262| [77593] Apache Struts Conversion Error OGNL Expression Injection
6263| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
6264| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
6265| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
6266| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
6267| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
6268| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
6269| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
6270| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
6271| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
6272| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
6273| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
6274| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
6275| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
6276| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
6277| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
6278| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
6279| [74725] Apache Wicket Multi Window Support Unspecified XSS
6280| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
6281| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
6282| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
6283| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
6284| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
6285| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
6286| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
6287| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
6288| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
6289| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
6290| [73644] Apache XML Security Signature Key Parsing Overflow DoS
6291| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
6292| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
6293| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
6294| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
6295| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
6296| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
6297| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
6298| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
6299| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
6300| [73154] Apache Archiva Multiple Unspecified CSRF
6301| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
6302| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
6303| [72238] Apache Struts Action / Method Names <
6304| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
6305| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
6306| [71557] Apache Tomcat HTML Manager Multiple XSS
6307| [71075] Apache Archiva User Management Page XSS
6308| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
6309| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
6310| [70924] Apache Continuum Multiple Admin Function CSRF
6311| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
6312| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
6313| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
6314| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
6315| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
6316| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
6317| [69520] Apache Archiva Administrator Credential Manipulation CSRF
6318| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
6319| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
6320| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
6321| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
6322| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
6323| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
6324| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
6325| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
6326| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
6327| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
6328| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
6329| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
6330| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
6331| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
6332| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
6333| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
6334| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
6335| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
6336| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
6337| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
6338| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
6339| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
6340| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
6341| [65054] Apache ActiveMQ Jetty Error Handler XSS
6342| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
6343| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
6344| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
6345| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
6346| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
6347| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
6348| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
6349| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
6350| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
6351| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
6352| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
6353| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
6354| [63895] Apache HTTP Server mod_headers Unspecified Issue
6355| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
6356| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
6357| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
6358| [63140] Apache Thrift Service Malformed Data Remote DoS
6359| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
6360| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
6361| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
6362| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
6363| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
6364| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
6365| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
6366| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
6367| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
6368| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
6369| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
6370| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
6371| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
6372| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
6373| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
6374| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
6375| [60678] Apache Roller Comment Email Notification Manipulation DoS
6376| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
6377| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
6378| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
6379| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
6380| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
6381| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
6382| [60232] PHP on Apache php.exe Direct Request Remote DoS
6383| [60176] Apache Tomcat Windows Installer Admin Default Password
6384| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
6385| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
6386| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
6387| [59944] Apache Hadoop jobhistory.jsp XSS
6388| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
6389| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
6390| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
6391| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
6392| [59019] Apache mod_python Cookie Salting Weakness
6393| [59018] Apache Harmony Error Message Handling Overflow
6394| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
6395| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
6396| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
6397| [59010] Apache Solr get-file.jsp XSS
6398| [59009] Apache Solr action.jsp XSS
6399| [59008] Apache Solr analysis.jsp XSS
6400| [59007] Apache Solr schema.jsp Multiple Parameter XSS
6401| [59006] Apache Beehive select / checkbox Tag XSS
6402| [59005] Apache Beehive jpfScopeID Global Parameter XSS
6403| [59004] Apache Beehive Error Message XSS
6404| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
6405| [59002] Apache Jetspeed default-page.psml URI XSS
6406| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
6407| [59000] Apache CXF Unsigned Message Policy Bypass
6408| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
6409| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
6410| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
6411| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
6412| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
6413| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
6414| [58993] Apache Hadoop browseBlock.jsp XSS
6415| [58991] Apache Hadoop browseDirectory.jsp XSS
6416| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
6417| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
6418| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
6419| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
6420| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
6421| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
6422| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
6423| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
6424| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
6425| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
6426| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
6427| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
6428| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
6429| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
6430| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
6431| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
6432| [58974] Apache Sling /apps Script User Session Management Access Weakness
6433| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
6434| [58931] Apache Geronimo Cookie Parameters Validation Weakness
6435| [58930] Apache Xalan-C++ XPath Handling Remote DoS
6436| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
6437| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
6438| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
6439| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
6440| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
6441| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
6442| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
6443| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
6444| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
6445| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
6446| [58805] Apache Derby Unauthenticated Database / Admin Access
6447| [58804] Apache Wicket Header Contribution Unspecified Issue
6448| [58803] Apache Wicket Session Fixation
6449| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
6450| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
6451| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
6452| [58799] Apache Tapestry Logging Cleartext Password Disclosure
6453| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
6454| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
6455| [58796] Apache Jetspeed Unsalted Password Storage Weakness
6456| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
6457| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
6458| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
6459| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
6460| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
6461| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
6462| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
6463| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
6464| [58775] Apache JSPWiki preview.jsp action Parameter XSS
6465| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6466| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
6467| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
6468| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
6469| [58770] Apache JSPWiki Group.jsp group Parameter XSS
6470| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
6471| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
6472| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
6473| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
6474| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
6475| [58763] Apache JSPWiki Include Tag Multiple Script XSS
6476| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
6477| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
6478| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
6479| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6480| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6481| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6482| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6483| [58755] Apache Harmony DRLVM Non-public Class Member Access
6484| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6485| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6486| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6487| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6488| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6489| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6490| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6491| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6492| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6493| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6494| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6495| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6496| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6497| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6498| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6499| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6500| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6501| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6502| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6503| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6504| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6505| [58724] Apache Roller Logout Functionality Failure Session Persistence
6506| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6507| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6508| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6509| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6510| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6511| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6512| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6513| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6514| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6515| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6516| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6517| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6518| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6519| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6520| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6521| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6522| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6523| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6524| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6525| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6526| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6527| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6528| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6529| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6530| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6531| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6532| [58687] Apache Axis Invalid wsdl Request XSS
6533| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6534| [58685] Apache Velocity Template Designer Privileged Code Execution
6535| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6536| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6537| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6538| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6539| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6540| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6541| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6542| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6543| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6544| [58667] Apache Roller Database Cleartext Passwords Disclosure
6545| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6546| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6547| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6548| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6549| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6550| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6551| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6552| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6553| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6554| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6555| [56984] Apache Xerces2 Java Malformed XML Input DoS
6556| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6557| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6558| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6559| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6560| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6561| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6562| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6563| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6564| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6565| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6566| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6567| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6568| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6569| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6570| [55056] Apache Tomcat Cross-application TLD File Manipulation
6571| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6572| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6573| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6574| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6575| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6576| [54589] Apache Jserv Nonexistent JSP Request XSS
6577| [54122] Apache Struts s:a / s:url Tag href Element XSS
6578| [54093] Apache ActiveMQ Web Console JMS Message XSS
6579| [53932] Apache Geronimo Multiple Admin Function CSRF
6580| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6581| [53930] Apache Geronimo /console/portal/ URI XSS
6582| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6583| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6584| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6585| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6586| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6587| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6588| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6589| [53380] Apache Struts Unspecified XSS
6590| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6591| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6592| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6593| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6594| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6595| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6596| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6597| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6598| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6599| [51151] Apache Roller Search Function q Parameter XSS
6600| [50482] PHP with Apache php_value Order Unspecified Issue
6601| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6602| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6603| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6604| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6605| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6606| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6607| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6608| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6609| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6610| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6611| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6612| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6613| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6614| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6615| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6616| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6617| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6618| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6619| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6620| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6621| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6622| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6623| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6624| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6625| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6626| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6627| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6628| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6629| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6630| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6631| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6632| [43452] Apache Tomcat HTTP Request Smuggling
6633| [43309] Apache Geronimo LoginModule Login Method Bypass
6634| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6635| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6636| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6637| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6638| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6639| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6640| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6641| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6642| [42091] Apache Maven Site Plugin Installation Permission Weakness
6643| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6644| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6645| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6646| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6647| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6648| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6649| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6650| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6651| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6652| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6653| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6654| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6655| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6656| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6657| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6658| [40262] Apache HTTP Server mod_status refresh XSS
6659| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6660| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6661| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6662| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6663| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6664| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6665| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6666| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6667| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6668| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6669| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6670| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6671| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6672| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6673| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6674| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6675| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6676| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6677| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6678| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6679| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6680| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6681| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6682| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6683| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6684| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6685| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6686| [36079] Apache Tomcat Manager Uploaded Filename XSS
6687| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6688| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6689| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6690| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6691| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6692| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6693| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6694| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6695| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6696| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6697| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6698| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6699| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6700| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6701| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
6702| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6703| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6704| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6705| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6706| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6707| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6708| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6709| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6710| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6711| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6712| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6713| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6714| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6715| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6716| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6717| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6718| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6719| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6720| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6721| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6722| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6723| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6724| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6725| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6726| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6727| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6728| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6729| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6730| [24365] Apache Struts Multiple Function Error Message XSS
6731| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6732| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6733| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6734| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6735| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6736| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6737| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6738| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6739| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6740| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6741| [22459] Apache Geronimo Error Page XSS
6742| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6743| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6744| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6745| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6746| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6747| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6748| [21021] Apache Struts Error Message XSS
6749| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6750| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6751| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6752| [20439] Apache Tomcat Directory Listing Saturation DoS
6753| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6754| [20285] Apache HTTP Server Log File Control Character Injection
6755| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6756| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6757| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6758| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6759| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6760| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6761| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6762| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6763| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6764| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6765| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6766| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6767| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6768| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6769| [18233] Apache HTTP Server htdigest user Variable Overfow
6770| [17738] Apache HTTP Server HTTP Request Smuggling
6771| [16586] Apache HTTP Server Win32 GET Overflow DoS
6772| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6773| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6774| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6775| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6776| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6777| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6778| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6779| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6780| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6781| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6782| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6783| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6784| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6785| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6786| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6787| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
6788| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
6789| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
6790| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
6791| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
6792| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
6793| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
6794| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
6795| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
6796| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
6797| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
6798| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
6799| [13304] Apache Tomcat realPath.jsp Path Disclosure
6800| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
6801| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
6802| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
6803| [12848] Apache HTTP Server htdigest realm Variable Overflow
6804| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
6805| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
6806| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
6807| [12557] Apache HTTP Server prefork MPM accept Error DoS
6808| [12233] Apache Tomcat MS-DOS Device Name Request DoS
6809| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
6810| [12231] Apache Tomcat web.xml Arbitrary File Access
6811| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
6812| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
6813| [12178] Apache Jakarta Lucene results.jsp XSS
6814| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
6815| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
6816| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
6817| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
6818| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
6819| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
6820| [10471] Apache Xerces-C++ XML Parser DoS
6821| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
6822| [10068] Apache HTTP Server htpasswd Local Overflow
6823| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
6824| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
6825| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
6826| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
6827| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
6828| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
6829| [9717] Apache HTTP Server mod_cookies Cookie Overflow
6830| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
6831| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
6832| [9714] Apache Authentication Module Threaded MPM DoS
6833| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
6834| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
6835| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
6836| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
6837| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
6838| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
6839| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
6840| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
6841| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
6842| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
6843| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
6844| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
6845| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
6846| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
6847| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
6848| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
6849| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
6850| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
6851| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
6852| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
6853| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
6854| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
6855| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
6856| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
6857| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
6858| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
6859| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
6860| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
6861| [9208] Apache Tomcat .jsp Encoded Newline XSS
6862| [9204] Apache Tomcat ROOT Application XSS
6863| [9203] Apache Tomcat examples Application XSS
6864| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
6865| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
6866| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
6867| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
6868| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
6869| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
6870| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
6871| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
6872| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
6873| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
6874| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
6875| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
6876| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
6877| [7611] Apache HTTP Server mod_alias Local Overflow
6878| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
6879| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
6880| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
6881| [6882] Apache mod_python Malformed Query String Variant DoS
6882| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
6883| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
6884| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
6885| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
6886| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
6887| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
6888| [5526] Apache Tomcat Long .JSP URI Path Disclosure
6889| [5278] Apache Tomcat web.xml Restriction Bypass
6890| [5051] Apache Tomcat Null Character DoS
6891| [4973] Apache Tomcat servlet Mapping XSS
6892| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
6893| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
6894| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
6895| [4568] mod_survey For Apache ENV Tags SQL Injection
6896| [4553] Apache HTTP Server ApacheBench Overflow DoS
6897| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
6898| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
6899| [4383] Apache HTTP Server Socket Race Condition DoS
6900| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
6901| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
6902| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
6903| [4231] Apache Cocoon Error Page Server Path Disclosure
6904| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
6905| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
6906| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
6907| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
6908| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
6909| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
6910| [3322] mod_php for Apache HTTP Server Process Hijack
6911| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
6912| [2885] Apache mod_python Malformed Query String DoS
6913| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
6914| [2733] Apache HTTP Server mod_rewrite Local Overflow
6915| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
6916| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
6917| [2149] Apache::Gallery Privilege Escalation
6918| [2107] Apache HTTP Server mod_ssl Host: Header XSS
6919| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
6920| [1833] Apache HTTP Server Multiple Slash GET Request DoS
6921| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
6922| [872] Apache Tomcat Multiple Default Accounts
6923| [862] Apache HTTP Server SSI Error Page XSS
6924| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
6925| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
6926| [845] Apache Tomcat MSDOS Device XSS
6927| [844] Apache Tomcat Java Servlet Error Page XSS
6928| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
6929| [838] Apache HTTP Server Chunked Encoding Remote Overflow
6930| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
6931| [775] Apache mod_python Module Importing Privilege Function Execution
6932| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
6933| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
6934| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
6935| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
6936| [637] Apache HTTP Server UserDir Directive Username Enumeration
6937| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
6938| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
6939| [562] Apache HTTP Server mod_info /server-info Information Disclosure
6940| [561] Apache Web Servers mod_status /server-status Information Disclosure
6941| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
6942| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
6943| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
6944| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
6945| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
6946| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
6947| [376] Apache Tomcat contextAdmin Arbitrary File Access
6948| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
6949| [222] Apache HTTP Server test-cgi Arbitrary File Access
6950| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
6951| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
6952|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (89%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.9 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (89%), Linux 4.9 (89%), Linux 4.4 (88%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 3.076 days (since Wed Dec 11 16:11:48 2019)
Network Distance: 16 hops
TCP Sequence Prediction: Difficulty=247 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 149.24 ms 10.218.200.1
2 ...
3 146.65 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 146.62 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 151.64 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 151.80 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
7 173.27 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
8 ...
9 291.87 ms GTD-INTERNE.ear3.Miami2.Level3.net (4.15.156.162)
10 387.93 ms scl1.ae2.100.mia1.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.131)
11 ... 15
16 397.17 ms phis104123.dedicados.cl (201.148.104.123)

NSE: Script Post-scanning.
Initiating NSE at 18:00
Completed NSE at 18:00, 0.00s elapsed
Initiating NSE at 18:00
Completed NSE at 18:00, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 18:00 EST
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up (0.40s latency).

PORT STATE SERVICE VERSION
110/tcp open pop3 Dovecot pop3d
| pop3-brute:
| Accounts: No valid accounts found
| Statistics: Performed 52 guesses in 46 seconds, average tps: 1.1
|_ ERROR: Failed to connect.
|_pop3-capabilities: AUTH-RESP-CODE CAPA RESP-CODES TOP UIDL SASL(PLAIN LOGIN) PIPELINING STLS USER
6996| vulscan: VulDB - https://vuldb.com:
6997| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
6998| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
6999| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
7000| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
7001| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
7002| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
7003| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
7004| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
7005| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
7006| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
7007| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
7008| [69835] Dovecot 2.2.0/2.2.1 denial of service
7009| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
7010| [65684] Dovecot up to 2.2.6 unknown vulnerability
7011| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
7012| [63692] Dovecot up to 2.0.15 spoofing
7013| [7062] Dovecot 2.1.10 mail-search.c denial of service
7014| [57517] Dovecot up to 2.0.12 Login directory traversal
7015| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
7016| [57515] Dovecot up to 2.0.12 Crash denial of service
7017| [54944] Dovecot up to 1.2.14 denial of service
7018| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
7019| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
7020| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
7021| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
7022| [53277] Dovecot up to 1.2.10 denial of service
7023| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
7024| [45256] Dovecot up to 1.1.5 directory traversal
7025| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
7026| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7027| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
7028| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
7029| [40356] Dovecot 1.0.9 Cache unknown vulnerability
7030| [38222] Dovecot 1.0.2 directory traversal
7031| [36376] Dovecot up to 1.0.x directory traversal
7032| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
7033|
7034| MITRE CVE - https://cve.mitre.org:
7035| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
7036| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
7037| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
7038| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
7039| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
7040| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
7041| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
7042| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7043| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
7044| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
7045| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
7046| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
7047| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
7048| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
7049| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
7050| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
7051| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
7052| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
7053| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
7054| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
7055| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
7056| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
7057| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
7058| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
7059| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
7060| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
7061| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
7062| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
7063| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
7064| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
7065| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
7066| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
7067| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
7068| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
7069| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
7070| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
7071| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
7072|
7073| SecurityFocus - https://www.securityfocus.com/bid/:
7074| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
7075| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
7076| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
7077| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
7078| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
7079| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
7080| [67306] Dovecot Denial of Service Vulnerability
7081| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
7082| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
7083| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
7084| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
7085| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
7086| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
7087| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
7088| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
7089| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
7090| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
7091| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
7092| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
7093| [39838] tpop3d Remote Denial of Service Vulnerability
7094| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
7095| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
7096| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
7097| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
7098| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
7099| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
7100| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
7101| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
7102| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
7103| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
7104| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
7105| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
7106| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
7107| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
7108| [17961] Dovecot Remote Information Disclosure Vulnerability
7109| [16672] Dovecot Double Free Denial of Service Vulnerability
7110| [8495] akpop3d User Name SQL Injection Vulnerability
7111| [8473] Vpop3d Remote Denial Of Service Vulnerability
7112| [3990] ZPop3D Bad Login Logging Failure Vulnerability
7113| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
7114|
7115| IBM X-Force - https://exchange.xforce.ibmcloud.com:
7116| [86382] Dovecot POP3 Service denial of service
7117| [84396] Dovecot IMAP APPEND denial of service
7118| [80453] Dovecot mail-search.c denial of service
7119| [71354] Dovecot SSL Common Name (CN) weak security
7120| [67675] Dovecot script-login security bypass
7121| [67674] Dovecot script-login directory traversal
7122| [67589] Dovecot header name denial of service
7123| [63267] Apple Mac OS X Dovecot information disclosure
7124| [62340] Dovecot mailbox security bypass
7125| [62339] Dovecot IMAP or POP3 denial of service
7126| [62256] Dovecot mailbox security bypass
7127| [62255] Dovecot ACL entry security bypass
7128| [60639] Dovecot ACL plugin weak security
7129| [57267] Apple Mac OS X Dovecot Kerberos security bypass
7130| [56763] Dovecot header denial of service
7131| [54363] Dovecot base_dir privilege escalation
7132| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
7133| [46323] Dovecot dovecot.conf information disclosure
7134| [46227] Dovecot message parsing denial of service
7135| [45669] Dovecot ACL mailbox security bypass
7136| [45667] Dovecot ACL plugin rights security bypass
7137| [41085] Dovecot TAB characters authentication bypass
7138| [41009] Dovecot mail_extra_groups option unauthorized access
7139| [39342] Dovecot LDAP auth cache configuration security bypass
7140| [35767] Dovecot ACL plugin security bypass
7141| [34082] Dovecot mbox-storage.c directory traversal
7142| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
7143| [26578] Cyrus IMAP pop3d buffer overflow
7144| [26536] Dovecot IMAP LIST information disclosure
7145| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
7146| [24709] Dovecot APPEND command denial of service
7147| [13018] akpop3d authentication code SQL injection
7148| [7345] Slackware Linux imapd and ipop3d core dump
7149| [6269] imap, ipop2d and ipop3d buffer overflows
7150| [5923] Linuxconf vpop3d symbolic link
7151| [4918] IPOP3D, Buffer overflow attack
7152| [1560] IPOP3D, user login successful
7153| [1559] IPOP3D user login to remote host successful
7154| [1525] IPOP3D, user logout
7155| [1524] IPOP3D, user auto-logout
7156| [1523] IPOP3D, user login failure
7157| [1522] IPOP3D, brute force attack
7158| [1521] IPOP3D, user kiss of death logout
7159| [418] pop3d mktemp creates insecure temporary files
7160|
7161| Exploit-DB - https://www.exploit-db.com:
7162| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
7163| [23053] Vpop3d Remote Denial of Service Vulnerability
7164| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
7165| [11893] tPop3d 1.5.3 DoS
7166| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
7167| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
7168| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
7169| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
7170|
7171| OpenVAS (Nessus) - http://www.openvas.org:
7172| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
7173| [901025] Dovecot Version Detection
7174| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
7175| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
7176| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
7177| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
7178| [870607] RedHat Update for dovecot RHSA-2011:0600-01
7179| [870471] RedHat Update for dovecot RHSA-2011:1187-01
7180| [870153] RedHat Update for dovecot RHSA-2008:0297-02
7181| [863272] Fedora Update for dovecot FEDORA-2011-7612
7182| [863115] Fedora Update for dovecot FEDORA-2011-7258
7183| [861525] Fedora Update for dovecot FEDORA-2007-664
7184| [861394] Fedora Update for dovecot FEDORA-2007-493
7185| [861333] Fedora Update for dovecot FEDORA-2007-1485
7186| [860845] Fedora Update for dovecot FEDORA-2008-9202
7187| [860663] Fedora Update for dovecot FEDORA-2008-2475
7188| [860169] Fedora Update for dovecot FEDORA-2008-2464
7189| [860089] Fedora Update for dovecot FEDORA-2008-9232
7190| [840950] Ubuntu Update for dovecot USN-1295-1
7191| [840668] Ubuntu Update for dovecot USN-1143-1
7192| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
7193| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
7194| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
7195| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
7196| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
7197| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (91%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 3.10 - 3.12 (91%), Linux 4.4 (91%), Linux 4.9 (91%), Linux 2.6.18 - 2.6.22 (86%), Linux 3.10 (86%), Linux 3.10 - 4.11 (85%), Linux 3.11 - 4.1 (85%), Linux 3.2 - 4.9 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 16 hops

TRACEROUTE (using port 110/tcp)
HOP RTT ADDRESS
1 149.48 ms 10.218.200.1
2 ...
3 150.53 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 150.12 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 155.96 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 156.36 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
7 178.16 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
8 ...
9 296.23 ms GTD-INTERNE.ear3.Miami2.Level3.net (4.15.156.162)
10 392.08 ms scl1.ae2.100.mia1.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.131)
11 ... 15
16 391.49 ms phis104123.dedicados.cl (201.148.104.123)
#######################################################################################################################################
https://201.148.104.123 [200 OK] Country[CHILE][CL], HTML5, HTTPServer[imunify360-webshield/1.8], IP[201.148.104.123], JQuery[1.12.4], PoweredBy[Imunify360], Script, Title[Captcha]
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 201.148.104.123

Testing SSL server 201.148.104.123 on port 443 using SNI name 201.148.104.123

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Session renegotiation not supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 256 bits CAMELLIA256-SHA
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 128 bits CAMELLIA128-SHA
Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
Accepted TLSv1.1 256 bits AES256-SHA
Accepted TLSv1.1 256 bits CAMELLIA256-SHA
Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
Accepted TLSv1.1 128 bits AES128-SHA
Accepted TLSv1.1 128 bits CAMELLIA128-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: nutricionvital.cl
Altnames: DNS:nutricionvital.cl, DNS:www.nutricionvital.cl
Issuer: RapidSSL RSA CA 2018

Not valid before: Nov 29 00:00:00 2019 GMT
Not valid after: Nov 28 12:00:00 2020 GMT
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 18:04 EST
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up.

PORT STATE SERVICE VERSION
3306/tcp filtered mysql
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 153.86 ms 10.218.200.1
2 ...
3 154.62 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 154.49 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 160.07 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 160.48 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
7 160.47 ms ae-10.edge4.Stockholm2.Level3.net (4.68.106.125)
8 ...
9 300.37 ms GTD-INTERNE.ear3.Miami2.Level3.net (4.15.156.162)
10 388.79 ms scl1.ae2.100.mia1.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.131)
11 ... 30
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 18:06 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 18:06
Completed NSE at 18:06, 0.00s elapsed
Initiating NSE at 18:06
Completed NSE at 18:06, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 18:06
Completed Parallel DNS resolution of 1 host. at 18:06, 0.03s elapsed
Initiating SYN Stealth Scan at 18:06
Scanning phis104123.dedicados.cl (201.148.104.123) [65535 ports]
Discovered open port 80/tcp on 201.148.104.123
Discovered open port 443/tcp on 201.148.104.123
Discovered open port 52229/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 2.93% done; ETC: 18:24 (0:17:06 remaining)
Discovered open port 52228/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 6.05% done; ETC: 18:23 (0:15:48 remaining)
SYN Stealth Scan Timing: About 9.65% done; ETC: 18:22 (0:14:12 remaining)
SYN Stealth Scan Timing: About 18.10% done; ETC: 18:17 (0:09:07 remaining)
Discovered open port 52230/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 23.30% done; ETC: 18:17 (0:08:17 remaining)
Discovered open port 1167/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 28.35% done; ETC: 18:17 (0:07:37 remaining)
SYN Stealth Scan Timing: About 33.72% done; ETC: 18:16 (0:06:55 remaining)
SYN Stealth Scan Timing: About 43.46% done; ETC: 18:15 (0:05:14 remaining)
Discovered open port 2083/tcp on 201.148.104.123
Discovered open port 2420/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 51.82% done; ETC: 18:16 (0:04:45 remaining)
Discovered open port 2086/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 57.98% done; ETC: 18:16 (0:04:15 remaining)
Discovered open port 26/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 65.63% done; ETC: 18:16 (0:03:20 remaining)
Discovered open port 2082/tcp on 201.148.104.123
Discovered open port 2078/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 72.33% done; ETC: 18:16 (0:02:50 remaining)
Discovered open port 2087/tcp on 201.148.104.123
Discovered open port 465/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 78.84% done; ETC: 18:17 (0:02:17 remaining)
Discovered open port 2095/tcp on 201.148.104.123
Discovered open port 2080/tcp on 201.148.104.123
Discovered open port 8889/tcp on 201.148.104.123
SYN Stealth Scan Timing: About 84.84% done; ETC: 18:17 (0:01:44 remaining)
SYN Stealth Scan Timing: About 90.54% done; ETC: 18:17 (0:01:04 remaining)
Discovered open port 2096/tcp on 201.148.104.123
Discovered open port 2077/tcp on 201.148.104.123
Completed SYN Stealth Scan at 18:18, 702.29s elapsed (65535 total ports)
Initiating Service scan at 18:18
Scanning 19 services on phis104123.dedicados.cl (201.148.104.123)
Completed Service scan at 18:19, 95.43s elapsed (19 services on 1 host)
Initiating OS detection (try #1) against phis104123.dedicados.cl (201.148.104.123)
Retrying OS detection (try #2) against phis104123.dedicados.cl (201.148.104.123)
Initiating Traceroute at 18:19
Completed Traceroute at 18:20, 9.02s elapsed
Initiating Parallel DNS resolution of 8 hosts. at 18:20
Completed Parallel DNS resolution of 8 hosts. at 18:20, 0.44s elapsed
NSE: Script scanning 201.148.104.123.
Initiating NSE at 18:20
Completed NSE at 18:20, 34.23s elapsed
Initiating NSE at 18:20
Completed NSE at 18:20, 3.77s elapsed
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up (0.40s latency).
Not shown: 65512 filtered ports
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
25/tcp closed smtp
26/tcp open smtp Exim smtpd 4.92
| vulners:
| cpe:/a:exim:exim:4.92:
| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
| vulscan: VulDB - https://vuldb.com:
| [141327] Exim up to 4.92.1 Backslash privilege escalation
| [138827] Exim up to 4.92 Expansion Code Execution
| [135932] Exim up to 4.92 privilege escalation
| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
|_
80/tcp open http Apache httpd
|_http-server-header: imunify360-webshield/1.8
| vulscan: VulDB - https://vuldb.com:
7682| [136369] Apache Fineract up to 1.2.x sql injection
7683| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
7684| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
7685| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
7686| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
7687| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
7688| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
7689| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
7690| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
7691| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
7692| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7693| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7694| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7695| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7696| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7697| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7698| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
7699| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
7700| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
7701| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
7702| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
7703| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
7704| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
7705| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
7706| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
7707| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
7708| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
7709| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
7710| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
7711| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
7712| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
7713| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
7714| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
7715| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
7716| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
7717| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
7718| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
7719| [131859] Apache Hadoop up to 2.9.1 privilege escalation
7720| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
7721| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
7722| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
7723| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
7724| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
7725| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
7726| [130629] Apache Guacamole Cookie Flag weak encryption
7727| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
7728| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
7729| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
7730| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
7731| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
7732| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
7733| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
7734| [130123] Apache Airflow up to 1.8.2 information disclosure
7735| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
7736| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
7737| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
7738| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
7739| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7740| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7741| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
7742| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
7743| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
7744| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
7745| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
7746| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
7747| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
7748| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
7749| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
7750| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
7751| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
7752| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
7753| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7754| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
7755| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7756| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
7757| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
7758| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
7759| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
7760| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
7761| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
7762| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
7763| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
7764| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
7765| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
7766| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
7767| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
7768| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
7769| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
7770| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
7771| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
7772| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
7773| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
7774| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
7775| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
7776| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
7777| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
7778| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
7779| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
7780| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
7781| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
7782| [127007] Apache Spark Request Code Execution
7783| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
7784| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
7785| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
7786| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
7787| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
7788| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
7789| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
7790| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
7791| [126346] Apache Tomcat Path privilege escalation
7792| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
7793| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
7794| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
7795| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
7796| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
7797| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
7798| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
7799| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
7800| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
7801| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
7802| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
7803| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7804| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
7805| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
7806| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
7807| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
7808| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
7809| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
7810| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
7811| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
7812| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
7813| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
7814| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
7815| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
7816| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
7817| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
7818| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
7819| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
7820| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
7821| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
7822| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
7823| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
7824| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
7825| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
7826| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
7827| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
7828| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
7829| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
7830| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
7831| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
7832| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
7833| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
7834| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
7835| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
7836| [123197] Apache Sentry up to 2.0.0 privilege escalation
7837| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
7838| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
7839| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
7840| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
7841| [122800] Apache Spark 1.3.0 REST API weak authentication
7842| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
7843| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
7844| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
7845| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
7846| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
7847| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
7848| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
7849| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
7850| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
7851| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
7852| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
7853| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
7854| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
7855| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
7856| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
7857| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
7858| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
7859| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
7860| [121354] Apache CouchDB HTTP API Code Execution
7861| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
7862| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
7863| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
7864| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
7865| [120168] Apache CXF weak authentication
7866| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
7867| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
7868| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
7869| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
7870| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
7871| [119306] Apache MXNet Network Interface privilege escalation
7872| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
7873| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
7874| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
7875| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
7876| [118143] Apache NiFi activemq-client Library Deserialization denial of service
7877| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
7878| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
7879| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
7880| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
7881| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
7882| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
7883| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
7884| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
7885| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
7886| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
7887| [117115] Apache Tika up to 1.17 tika-server command injection
7888| [116929] Apache Fineract getReportType Parameter privilege escalation
7889| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
7890| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
7891| [116926] Apache Fineract REST Parameter privilege escalation
7892| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
7893| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
7894| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
7895| [115883] Apache Hive up to 2.3.2 privilege escalation
7896| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
7897| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
7898| [115518] Apache Ignite 2.3 Deserialization privilege escalation
7899| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
7900| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
7901| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
7902| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
7903| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
7904| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
7905| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
7906| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
7907| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
7908| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
7909| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
7910| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
7911| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
7912| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
7913| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
7914| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
7915| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
7916| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
7917| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
7918| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
7919| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
7920| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
7921| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
7922| [113895] Apache Geode up to 1.3.x Code Execution
7923| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
7924| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
7925| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
7926| [113747] Apache Tomcat Servlets privilege escalation
7927| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
7928| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
7929| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
7930| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
7931| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
7932| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7933| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
7934| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
7935| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
7936| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
7937| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
7938| [112885] Apache Allura up to 1.8.0 File information disclosure
7939| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
7940| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
7941| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
7942| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
7943| [112625] Apache POI up to 3.16 Loop denial of service
7944| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
7945| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
7946| [112339] Apache NiFi 1.5.0 Header privilege escalation
7947| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
7948| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
7949| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
7950| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
7951| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
7952| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
7953| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
7954| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
7955| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
7956| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
7957| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
7958| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
7959| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
7960| [112114] Oracle 9.1 Apache Log4j privilege escalation
7961| [112113] Oracle 9.1 Apache Log4j privilege escalation
7962| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
7963| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
7964| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
7965| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
7966| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
7967| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
7968| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
7969| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
7970| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
7971| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
7972| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
7973| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
7974| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
7975| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
7976| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
7977| [110701] Apache Fineract Query Parameter sql injection
7978| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
7979| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
7980| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
7981| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
7982| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
7983| [110106] Apache CXF Fediz Spring cross site request forgery
7984| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
7985| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
7986| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
7987| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
7988| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
7989| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
7990| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
7991| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
7992| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
7993| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
7994| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
7995| [108938] Apple macOS up to 10.13.1 apache denial of service
7996| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
7997| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
8417| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
8418| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
8419| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8819| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8820| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8821| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8822| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8823| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8824| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8825| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8826| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
8827| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8828| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8829| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8830| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8831| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8832| [47214] Apachefriends xampp 1.6.8 spoofing
8833| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8834| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8835| [47065] Apache Tomcat 4.1.23 cross site scripting
8836| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8837| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8838| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8839| [86625] Apache Struts directory traversal
8840| [44461] Apache Tomcat up to 5.5.0 information disclosure
8841| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8842| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8843| [43663] Apache Tomcat up to 6.0.16 directory traversal
8844| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8845| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8846| [43516] Apache Tomcat up to 4.1.20 directory traversal
8847| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8848| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8849| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8850| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8851| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8852| [40924] Apache Tomcat up to 6.0.15 information disclosure
8853| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8854| [40922] Apache Tomcat up to 6.0 information disclosure
8855| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8856| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8857| [40656] Apache Tomcat 5.5.20 information disclosure
8858| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8859| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8860| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8861| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8862| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8863| [40234] Apache Tomcat up to 6.0.15 directory traversal
8864| [40221] Apache HTTP Server 2.2.6 information disclosure
8865| [40027] David Castro Apache Authcas 0.4 sql injection
8866| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
8867| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
8868| [3414] Apache Tomcat WebDAV Stored privilege escalation
8869| [39489] Apache Jakarta Slide up to 2.1 directory traversal
8870| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
8871| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
8872| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
8873| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
8874| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
8875| [38524] Apache Geronimo 2.0 unknown vulnerability
8876| [3256] Apache Tomcat up to 6.0.13 cross site scripting
8877| [38331] Apache Tomcat 4.1.24 information disclosure
8878| [38330] Apache Tomcat 4.1.24 information disclosure
8879| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
8880| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
8881| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
8882| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
8883| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
8884| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
8885| [37292] Apache Tomcat up to 5.5.1 cross site scripting
8886| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
8887| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
8888| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
8889| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
8890| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
8891| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
8892| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
8893| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
8894| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
8895| [36225] XAMPP Apache Distribution 1.6.0a sql injection
8896| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
8897| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
8898| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
8899| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
8900| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
8901| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
8902| [34252] Apache HTTP Server denial of service
8903| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
8904| [33877] Apache Opentaps 0.9.3 cross site scripting
8905| [33876] Apache Open For Business Project unknown vulnerability
8906| [33875] Apache Open For Business Project cross site scripting
8907| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
8908| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
8909|
8910| MITRE CVE - https://cve.mitre.org:
8911| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
8912| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
8913| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
8914| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
8915| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
8916| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
8917| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
8918| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
8919| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8920| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8921| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8922| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8923| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8924| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8925| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8926| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8927| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8928| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8929| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8930| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8931| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8932| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8933| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8934| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8935| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8936| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8937| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8938| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8939| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8940| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8941| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8942| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8943| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8944| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8945| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8946| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8947| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8948| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8949| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8950| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8951| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8952| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8953| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8954| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8955| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8956| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8957| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8958| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8959| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8960| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8961| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8962| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8963| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8964| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8965| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8966| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8967| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8968| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8969| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8970| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8971| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8972| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8973| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8974| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8975| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8976| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8977| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8978| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8979| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8980| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8981| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8982| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8983| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8984| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8985| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8986| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8987| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8988| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8989| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8990| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8991| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8992| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8993| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8994| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8995| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8996| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8997| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8998| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8999| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
9000| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
9001| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
9002| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
9003| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
9004| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
9005| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
9006| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
9007| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
9008| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
9009| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
9010| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
9011| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
9012| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
9013| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
9014| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
9015| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
9016| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
9017| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
9018| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
9019| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
9020| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
9021| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
9022| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
9023| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
9024| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
9025| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
9026| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
9027| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
9028| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
9029| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
9030| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
9031| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
9032| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
9033| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
9034| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
9035| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9036| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
9037| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
9038| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
9039| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
9040| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
9041| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
9042| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
9043| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
9044| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
9045| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
9046| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
9047| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
9048| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
9049| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
9050| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
9051| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
9052| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
9053| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
9054| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
9055| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
9056| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
9057| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
9058| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
9059| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
9060| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
9061| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
9062| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
9063| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
9064| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
9065| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
9066| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
9067| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
9068| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
9069| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
9070| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
9071| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
9072| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
9073| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
9074| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9075| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
9076| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
9077| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
9078| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
9079| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
9080| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
9081| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
9082| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
9083| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
9084| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
9085| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
9086| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
9087| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
9088| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
9089| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
9090| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9091| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
9092| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
9093| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
9094| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
9095| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
9096| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
9097| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
9098| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
9099| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
9100| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
9101| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
9102| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
9103| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
9104| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
9105| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
9106| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
9107| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
9108| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
9109| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
9110| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
9111| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
9112| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
9113| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
9114| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
9115| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
9116| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
9117| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
9118| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
9119| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
9120| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
9121| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
9122| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
9123| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
9124| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
9125| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
9126| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
9127| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
9128| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
9129| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
9130| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
9131| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9132| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
9133| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
9134| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
9135| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
9136| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
9137| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
9138| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
9139| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
9140| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
9141| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
9142| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
9143| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
9144| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
9145| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
9146| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
9147| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
9148| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
9149| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
9150| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
9151| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
9152| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
9153| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
9154| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
9155| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
9156| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
9157| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
9158| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
9159| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
9160| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
9161| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
9162| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
9163| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
9164| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
9165| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
9166| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
9167| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
9168| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
9169| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
9170| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
9171| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9272| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9273| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
9374| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
9375| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
9376| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
9377| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
9378| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
9379| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
9380| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
9381| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
9382| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
9383| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
9384| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
9385| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
9386| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
9387| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
9388| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9389| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
9390| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
9391| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9392| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
9393| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
9394| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
9395| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
9396| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
9397| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
9398| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9399| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9400| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
9401| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
9402| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
9403| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
9404| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
9405| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
9406| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
9407| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
9408| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
9409| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
9410| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
9411| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
9412| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
9413| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
9414| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
9415| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
9416| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
9417| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
9418| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9419| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9420| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9421| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9422| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9423| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9424| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9425| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9426| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9427| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9428| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9429| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9430| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9431| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9432| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9433| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9434| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9435| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9436| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9437| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9438| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9439| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9440| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9441| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9442| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9443| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9444| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9445| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9446| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9447| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9448| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9449| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9450| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9451| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9452| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9453| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9454| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9455| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9456| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9457| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9458| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9459| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9460| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9461| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9462| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9463| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9464| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9465| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9466| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9467| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9468| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9469| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9470| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9471| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9472| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9473| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9474| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9475| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9476| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9477| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9478| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9479| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9480| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9481| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9482| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9483| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9484| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9485| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9486| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9487| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9488| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9489| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9490| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9491| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9492| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9493| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9494| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9495| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
9496| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9497| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9498| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9499| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9500| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9501| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
9502| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9503| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9504| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9505| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9506| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9507| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9508| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9509| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9510| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9511| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9512| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9513| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9514| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9515| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9516| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9517| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9518| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9519| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9520|
9521| SecurityFocus - https://www.securityfocus.com/bid/:
9522| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9523| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9524| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
9525| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
9526| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
9527| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
9528| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
9529| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
9530| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
9531| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
9532| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
9533| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
9534| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
9535| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
9536| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
9537| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
9538| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
9539| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
9540| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
9541| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
9542| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
9543| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
9544| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
9545| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
9546| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
9547| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
9548| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
9549| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
9550| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
9551| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
9552| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
9553| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
9554| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
9555| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
9556| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
9557| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
9558| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
9559| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
9560| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
9561| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
9562| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
9563| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
9564| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
9565| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
9566| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
9567| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
9568| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
9569| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
9570| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
9571| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
9572| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
9573| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
9574| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
9575| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
9576| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
9577| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
9578| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
9579| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
9580| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
9581| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
9582| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
9583| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
9584| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
9585| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
9586| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
9587| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
9588| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
9589| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
9590| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
9591| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
9592| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
9593| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
9594| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
9595| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
9596| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
9597| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
9598| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
9599| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
9600| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
9601| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
9602| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
9603| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
9604| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
9605| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
9606| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
9607| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
9608| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
9609| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
9610| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
9611| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
9612| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
9613| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
9614| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
9615| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
9616| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
9617| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
9618| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
9619| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
9620| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
9621| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
9622| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
9623| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
9624| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
9625| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
9626| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
9627| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
9628| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
9629| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
9630| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
9631| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
9632| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
9633| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
9634| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
9635| [100447] Apache2Triad Multiple Security Vulnerabilities
9636| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
9637| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
9638| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
9639| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
9640| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
9641| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
9642| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
9643| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
9644| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
9645| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
9646| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
9647| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
9648| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
9649| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
9650| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
9651| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
9652| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
9653| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
9654| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
9655| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
9656| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
9657| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
9658| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
9659| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
9660| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
9661| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
9662| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
9663| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
9664| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
9665| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
9666| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
9667| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
9668| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
9669| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
9670| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
9671| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
9672| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
9673| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
9674| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
9675| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
9676| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
9677| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
9678| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
9679| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
9680| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
9681| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
9682| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
9683| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
9684| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
9685| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
9686| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
9687| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
9688| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
9689| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
9690| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
9691| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
9692| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
9693| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
9694| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
9695| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
9696| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
9697| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
9698| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
9699| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
9700| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
9701| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
9702| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
9703| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
9704| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
9705| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
9706| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
9707| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
9708| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
9709| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
9710| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
9711| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
9712| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
9713| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
9714| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
9715| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
9716| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
9717| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
9718| [95675] Apache Struts Remote Code Execution Vulnerability
9719| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
9720| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
9721| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
9722| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
9723| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
9724| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
9725| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
9726| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
9727| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
9728| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
9729| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
9730| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
9731| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
9732| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
9733| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
9734| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
9735| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
9736| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
9737| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
9738| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
9739| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
9740| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
9741| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
9742| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
9743| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
9744| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
9745| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
9746| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
9747| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
9748| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
9749| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
9750| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
9751| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
9752| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
9753| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
9754| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
9755| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
9756| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
9757| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
9758| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
9759| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
9760| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
9761| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
9762| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
9763| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
9764| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
9765| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
9766| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
9767| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
9768| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
9769| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
9770| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
9771| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
9772| [91736] Apache XML-RPC Multiple Security Vulnerabilities
9773| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
9774| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
9775| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
9776| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
9777| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
9778| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
9779| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
9780| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
9781| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
9782| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
9783| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
9784| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
9785| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
9786| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
9787| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
9788| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
9789| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
9790| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
9791| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
9792| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
9793| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
9794| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
9795| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
9796| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
9797| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
9798| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
9799| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
9800| [90482] Apache CVE-2004-1387 Local Security Vulnerability
9801| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
9802| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
9803| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
9804| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
9805| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
9806| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
9807| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
9808| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
9809| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
9810| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
9811| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
10238| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
10239| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
10240| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
10241| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
10242| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
10243| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
10244| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
10245| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
10246| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
10247| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10248| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
10249| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
10250| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
10251| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
10252| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
10253| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
10254| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
10255| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
10256| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
10257| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
10258| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10259| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
10260| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
10261| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
10262| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
10263| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
10264| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
10265| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
10266| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10267| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
10268| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
10269| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10270| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
10271| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
10272| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
10273| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
10274| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
10275| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
10276| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
10277| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
10278| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
10279| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
10280| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
10281| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
10282| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
10283| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
10284| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
10285| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
10286| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
10287| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
10288| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
10289| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
10290| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
10291| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
10292| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
10293| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
10294| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
10295| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
10296| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
10297| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
10298| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
10299| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
10300| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
10301| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
10302| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
10303| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
10304| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
10305| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
10306| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
10307| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
10308| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
10309| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
10310| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
10311| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
10312| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
10313| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
10314| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
10315| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
10316| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
10317| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
10318| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
10319| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10320| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
10321| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
10322| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
10323| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
10324| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
10325| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
10326| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
10327| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
10328| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
10329| [20527] Apache Mod_TCL Remote Format String Vulnerability
10330| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
10331| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
10332| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
10333| [19106] Apache Tomcat Information Disclosure Vulnerability
10334| [18138] Apache James SMTP Denial Of Service Vulnerability
10335| [17342] Apache Struts Multiple Remote Vulnerabilities
10336| [17095] Apache Log4Net Denial Of Service Vulnerability
10337| [16916] Apache mod_python FileSession Code Execution Vulnerability
10338| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
10339| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
10340| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
10341| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
10342| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
10343| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
10344| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
10345| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
10346| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
10347| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
10348| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
10349| [15177] PHP Apache 2 Local Denial of Service Vulnerability
10350| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
10351| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
10352| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
10353| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
10354| [14106] Apache HTTP Request Smuggling Vulnerability
10355| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
10356| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
10357| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
10358| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
10359| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
10360| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
10361| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
10362| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
10363| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
10364| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
10365| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
10366| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
10367| [11471] Apache mod_include Local Buffer Overflow Vulnerability
10368| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
10369| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
10370| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
10371| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
10372| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10373| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
10374| [11094] Apache mod_ssl Denial Of Service Vulnerability
10375| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
10376| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
10377| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
10378| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
10379| [10478] ClueCentral Apache Suexec Patch Security Weakness
10380| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
10381| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
10382| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
10383| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
10384| [9921] Apache Connection Blocking Denial Of Service Vulnerability
10385| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
10386| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
10387| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
10388| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
10389| [9733] Apache Cygwin Directory Traversal Vulnerability
10390| [9599] Apache mod_php Global Variables Information Disclosure Weakness
10391| [9590] Apache-SSL Client Certificate Forging Vulnerability
10392| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
10393| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
10394| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
10395| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
10396| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
10397| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
10398| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
10399| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
10400| [8898] Red Hat Apache Directory Index Default Configuration Error
10401| [8883] Apache Cocoon Directory Traversal Vulnerability
10402| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
10403| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
10404| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
10405| [8707] Apache htpasswd Password Entropy Weakness
10406| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
10407| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
10408| [8226] Apache HTTP Server Multiple Vulnerabilities
10409| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
10410| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
10411| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
10412| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
10413| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
10414| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
10415| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
10416| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
10417| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
10418| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
10419| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
10420| [7255] Apache Web Server File Descriptor Leakage Vulnerability
10421| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10422| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
10423| [6939] Apache Web Server ETag Header Information Disclosure Weakness
10424| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
10425| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
10426| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
10427| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
10428| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
10429| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
10430| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
10431| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
10432| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
10433| [6117] Apache mod_php File Descriptor Leakage Vulnerability
10434| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
10435| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
10436| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
10437| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
10438| [5992] Apache HTDigest Insecure Temporary File Vulnerability
10439| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
10440| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
10441| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
10442| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
10443| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
10444| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10445| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
10446| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
10447| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
10448| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
10449| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10450| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
10451| [5485] Apache 2.0 Path Disclosure Vulnerability
10452| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10453| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
10454| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
10455| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
10456| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
10457| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
10458| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
10459| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
10460| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
10461| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
10462| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
10463| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
10464| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
10465| [4437] Apache Error Message Cross-Site Scripting Vulnerability
10466| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
10467| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
10468| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
10469| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
10470| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
10471| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
10472| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
10473| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
10474| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
10475| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
10476| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
10477| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
10478| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
10479| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
10480| [3596] Apache Split-Logfile File Append Vulnerability
10481| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
10482| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
10483| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
10484| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
10485| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
10486| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
10487| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
10488| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
10489| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
10490| [3169] Apache Server Address Disclosure Vulnerability
10491| [3009] Apache Possible Directory Index Disclosure Vulnerability
10492| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
10493| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
10494| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
10495| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
10496| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
10497| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
10498| [2216] Apache Web Server DoS Vulnerability
10499| [2182] Apache /tmp File Race Vulnerability
10500| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
10501| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
10502| [1821] Apache mod_cookies Buffer Overflow Vulnerability
10503| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
10504| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
10505| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
10506| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
10507| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
10508| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
10509| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
10510| [1457] Apache::ASP source.asp Example Script Vulnerability
10511| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
10512| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
10513|
10514| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10515| [86258] Apache CloudStack text fields cross-site scripting
10516| [85983] Apache Subversion mod_dav_svn module denial of service
10517| [85875] Apache OFBiz UEL code execution
10518| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
10519| [85871] Apache HTTP Server mod_session_dbd unspecified
10520| [85756] Apache Struts OGNL expression command execution
10521| [85755] Apache Struts DefaultActionMapper class open redirect
10522| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
10523| [85574] Apache HTTP Server mod_dav denial of service
10524| [85573] Apache Struts Showcase App OGNL code execution
10525| [85496] Apache CXF denial of service
10526| [85423] Apache Geronimo RMI classloader code execution
10527| [85326] Apache Santuario XML Security for C++ buffer overflow
10528| [85323] Apache Santuario XML Security for Java spoofing
10529| [85319] Apache Qpid Python client SSL spoofing
10530| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
10531| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
10532| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
10533| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
10534| [84952] Apache Tomcat CVE-2012-3544 denial of service
10535| [84763] Apache Struts CVE-2013-2135 security bypass
10536| [84762] Apache Struts CVE-2013-2134 security bypass
10537| [84719] Apache Subversion CVE-2013-2088 command execution
10538| [84718] Apache Subversion CVE-2013-2112 denial of service
10539| [84717] Apache Subversion CVE-2013-1968 denial of service
10540| [84577] Apache Tomcat security bypass
10541| [84576] Apache Tomcat symlink
10542| [84543] Apache Struts CVE-2013-2115 security bypass
10543| [84542] Apache Struts CVE-2013-1966 security bypass
10544| [84154] Apache Tomcat session hijacking
10545| [84144] Apache Tomcat denial of service
10546| [84143] Apache Tomcat information disclosure
10547| [84111] Apache HTTP Server command execution
10548| [84043] Apache Virtual Computing Lab cross-site scripting
10549| [84042] Apache Virtual Computing Lab cross-site scripting
10550| [83782] Apache CloudStack information disclosure
10551| [83781] Apache CloudStack security bypass
10552| [83720] Apache ActiveMQ cross-site scripting
10553| [83719] Apache ActiveMQ denial of service
10554| [83718] Apache ActiveMQ denial of service
10555| [83263] Apache Subversion denial of service
10556| [83262] Apache Subversion denial of service
10557| [83261] Apache Subversion denial of service
10558| [83259] Apache Subversion denial of service
10559| [83035] Apache mod_ruid2 security bypass
10560| [82852] Apache Qpid federation_tag security bypass
10561| [82851] Apache Qpid qpid::framing::Buffer denial of service
10562| [82758] Apache Rave User RPC API information disclosure
10563| [82663] Apache Subversion svn_fs_file_length() denial of service
10564| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
10565| [82641] Apache Qpid AMQP denial of service
10566| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
10567| [82618] Apache Commons FileUpload symlink
10568| [82360] Apache HTTP Server manager interface cross-site scripting
10569| [82359] Apache HTTP Server hostnames cross-site scripting
10570| [82338] Apache Tomcat log/logdir information disclosure
10571| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
10572| [82268] Apache OpenJPA deserialization command execution
10573| [81981] Apache CXF UsernameTokens security bypass
10574| [81980] Apache CXF WS-Security security bypass
10575| [81398] Apache OFBiz cross-site scripting
10576| [81240] Apache CouchDB directory traversal
10577| [81226] Apache CouchDB JSONP code execution
10578| [81225] Apache CouchDB Futon user interface cross-site scripting
10579| [81211] Apache Axis2/C SSL spoofing
10580| [81167] Apache CloudStack DeployVM information disclosure
10581| [81166] Apache CloudStack AddHost API information disclosure
10582| [81165] Apache CloudStack createSSHKeyPair API information disclosure
10583| [80518] Apache Tomcat cross-site request forgery security bypass
10584| [80517] Apache Tomcat FormAuthenticator security bypass
10585| [80516] Apache Tomcat NIO denial of service
10586| [80408] Apache Tomcat replay-countermeasure security bypass
10587| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
10588| [80317] Apache Tomcat slowloris denial of service
10589| [79984] Apache Commons HttpClient SSL spoofing
10590| [79983] Apache CXF SSL spoofing
10591| [79830] Apache Axis2/Java SSL spoofing
10592| [79829] Apache Axis SSL spoofing
10593| [79809] Apache Tomcat DIGEST security bypass
10594| [79806] Apache Tomcat parseHeaders() denial of service
10595| [79540] Apache OFBiz unspecified
10596| [79487] Apache Axis2 SAML security bypass
10597| [79212] Apache Cloudstack code execution
10598| [78734] Apache CXF SOAP Action security bypass
10599| [78730] Apache Qpid broker denial of service
10600| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
10601| [78563] Apache mod_pagespeed module unspecified cross-site scripting
10602| [78562] Apache mod_pagespeed module security bypass
10603| [78454] Apache Axis2 security bypass
10604| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
10605| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
10606| [78321] Apache Wicket unspecified cross-site scripting
10607| [78183] Apache Struts parameters denial of service
10608| [78182] Apache Struts cross-site request forgery
10609| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
11140| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
11141| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
11142| [24874] Apache Struts ParametersInterceptor Remote Code Execution
11143| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
11144| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
11145| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
11146| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
11147| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
11148| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
11149| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
11150| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
11151| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
11152| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
11153| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
11154| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
11155| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
11156| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
11157| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
11158| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
11159| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11160| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
11161| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
11162| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11163| [21719] Apache 2.0 Path Disclosure Vulnerability
11164| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11165| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
11166| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
11167| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
11168| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
11169| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
11170| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
11171| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
11172| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
11173| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
11174| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
11175| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
11176| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
11177| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
11178| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
11179| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
11180| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
11181| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
11182| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
11183| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
11184| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
11185| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
11186| [20558] Apache 1.2 Web Server DoS Vulnerability
11187| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
11188| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
11189| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
11190| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
11191| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
11192| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
11193| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
11194| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
11195| [19231] PHP apache_request_headers Function Buffer Overflow
11196| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
11197| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
11198| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
11199| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
11200| [18442] Apache httpOnly Cookie Disclosure
11201| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
11202| [18221] Apache HTTP Server Denial of Service
11203| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
11204| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
11205| [17691] Apache Struts < 2.2.0 - Remote Command Execution
11206| [16798] Apache mod_jk 1.2.20 Buffer Overflow
11207| [16782] Apache Win32 Chunked Encoding
11208| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
11209| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
11210| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
11211| [15319] Apache 2.2 (Windows) Local Denial of Service
11212| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
11213| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11214| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
11215| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
11216| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
11217| [12330] Apache OFBiz - Multiple XSS
11218| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
11219| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
11220| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
11221| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
11222| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
11223| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
11224| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
11225| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11226| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11227| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
11228| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
11229| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
11230| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11231| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
11232| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
11233| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
11234| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
11235| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
11236| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
11237| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
11238| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
11239| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
11240| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
11241| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
11242| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
11243| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
11244| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
11245| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
11246| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
11247| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
11248| [466] htpasswd Apache 1.3.31 - Local Exploit
11249| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
11250| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
11251| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
11252| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
11253| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
11254| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11255| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11256| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11257| [9] Apache HTTP Server 2.x Memory Leak Exploit
11258|
11259| OpenVAS (Nessus) - http://www.openvas.org:
11260| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11261| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11262| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11263| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11264| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11265| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11266| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11267| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11268| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11269| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11270| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11271| [900571] Apache APR-Utils Version Detection
11272| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11273| [900496] Apache Tiles Multiple XSS Vulnerability
11274| [900493] Apache Tiles Version Detection
11275| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11276| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
11277| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
11278| [870175] RedHat Update for apache RHSA-2008:0004-01
11279| [864591] Fedora Update for apache-poi FEDORA-2012-10835
11280| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
11281| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
11282| [864250] Fedora Update for apache-poi FEDORA-2012-7683
11283| [864249] Fedora Update for apache-poi FEDORA-2012-7686
11284| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
11285| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
11286| [855821] Solaris Update for Apache 1.3 122912-19
11287| [855812] Solaris Update for Apache 1.3 122911-19
11288| [855737] Solaris Update for Apache 1.3 122911-17
11289| [855731] Solaris Update for Apache 1.3 122912-17
11290| [855695] Solaris Update for Apache 1.3 122911-16
11291| [855645] Solaris Update for Apache 1.3 122912-16
11292| [855587] Solaris Update for kernel update and Apache 108529-29
11293| [855566] Solaris Update for Apache 116973-07
11294| [855531] Solaris Update for Apache 116974-07
11295| [855524] Solaris Update for Apache 2 120544-14
11296| [855494] Solaris Update for Apache 1.3 122911-15
11297| [855478] Solaris Update for Apache Security 114145-11
11298| [855472] Solaris Update for Apache Security 113146-12
11299| [855179] Solaris Update for Apache 1.3 122912-15
11300| [855147] Solaris Update for kernel update and Apache 108528-29
11301| [855077] Solaris Update for Apache 2 120543-14
11302| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
11303| [850088] SuSE Update for apache2 SUSE-SA:2007:061
11304| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
11305| [841209] Ubuntu Update for apache2 USN-1627-1
11306| [840900] Ubuntu Update for apache2 USN-1368-1
11307| [840798] Ubuntu Update for apache2 USN-1259-1
11308| [840734] Ubuntu Update for apache2 USN-1199-1
11309| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
11310| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
11311| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
11312| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
11313| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
11314| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
11315| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
11316| [835253] HP-UX Update for Apache Web Server HPSBUX02645
11317| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
11318| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
11319| [835236] HP-UX Update for Apache with PHP HPSBUX02543
11320| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
11321| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
11322| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
11323| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
11324| [835188] HP-UX Update for Apache HPSBUX02308
11325| [835181] HP-UX Update for Apache With PHP HPSBUX02332
11326| [835180] HP-UX Update for Apache with PHP HPSBUX02342
11327| [835172] HP-UX Update for Apache HPSBUX02365
11328| [835168] HP-UX Update for Apache HPSBUX02313
11329| [835148] HP-UX Update for Apache HPSBUX01064
11330| [835139] HP-UX Update for Apache with PHP HPSBUX01090
11331| [835131] HP-UX Update for Apache HPSBUX00256
11332| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
11333| [835104] HP-UX Update for Apache HPSBUX00224
11334| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
11335| [835101] HP-UX Update for Apache HPSBUX01232
11336| [835080] HP-UX Update for Apache HPSBUX02273
11337| [835078] HP-UX Update for ApacheStrong HPSBUX00255
11338| [835044] HP-UX Update for Apache HPSBUX01019
11339| [835040] HP-UX Update for Apache PHP HPSBUX00207
11340| [835025] HP-UX Update for Apache HPSBUX00197
11341| [835023] HP-UX Update for Apache HPSBUX01022
11342| [835022] HP-UX Update for Apache HPSBUX02292
11343| [835005] HP-UX Update for Apache HPSBUX02262
11344| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
11345| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
11346| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
11347| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
11348| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
11349| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
11350| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
11351| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
11352| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
11353| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
11354| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
11355| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
11356| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
11357| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
11358| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
11359| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
11360| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
11361| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
11362| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
11363| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
11364| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
11365| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
11366| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
11367| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
11368| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
11369| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
11370| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
11371| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
11372| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
11373| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
11374| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11375| [801942] Apache Archiva Multiple Vulnerabilities
11376| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
11377| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
11378| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
11379| [801284] Apache Derby Information Disclosure Vulnerability
11380| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
11381| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
11382| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
11383| [800680] Apache APR Version Detection
11384| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11385| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11386| [800677] Apache Roller Version Detection
11387| [800279] Apache mod_jk Module Version Detection
11388| [800278] Apache Struts Cross Site Scripting Vulnerability
11389| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
11390| [800276] Apache Struts Version Detection
11391| [800271] Apache Struts Directory Traversal Vulnerability
11392| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
11393| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11394| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11395| [103122] Apache Web Server ETag Header Information Disclosure Weakness
11396| [103074] Apache Continuum Cross Site Scripting Vulnerability
11397| [103073] Apache Continuum Detection
11398| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11399| [101023] Apache Open For Business Weak Password security check
11400| [101020] Apache Open For Business HTML injection vulnerability
11401| [101019] Apache Open For Business service detection
11402| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
11403| [100923] Apache Archiva Detection
11404| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11405| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11406| [100813] Apache Axis2 Detection
11407| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11408| [100795] Apache Derby Detection
11409| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
11410| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11411| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11412| [100514] Apache Multiple Security Vulnerabilities
11413| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11414| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11415| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11416| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11417| [72626] Debian Security Advisory DSA 2579-1 (apache2)
11418| [72612] FreeBSD Ports: apache22
11419| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
11420| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
11421| [71512] FreeBSD Ports: apache
11422| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
11423| [71256] Debian Security Advisory DSA 2452-1 (apache2)
11424| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
11425| [70737] FreeBSD Ports: apache
11426| [70724] Debian Security Advisory DSA 2405-1 (apache2)
11427| [70600] FreeBSD Ports: apache
11428| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
11429| [70235] Debian Security Advisory DSA 2298-2 (apache2)
11430| [70233] Debian Security Advisory DSA 2298-1 (apache2)
11431| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
11432| [69338] Debian Security Advisory DSA 2202-1 (apache2)
11433| [67868] FreeBSD Ports: apache
11434| [66816] FreeBSD Ports: apache
11435| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
11436| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
11437| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
11438| [66081] SLES11: Security update for Apache 2
11439| [66074] SLES10: Security update for Apache 2
11440| [66070] SLES9: Security update for Apache 2
11441| [65998] SLES10: Security update for apache2-mod_python
11442| [65893] SLES10: Security update for Apache 2
11443| [65888] SLES10: Security update for Apache 2
11444| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
11445| [65510] SLES9: Security update for Apache 2
11446| [65472] SLES9: Security update for Apache
11447| [65467] SLES9: Security update for Apache
11448| [65450] SLES9: Security update for apache2
11449| [65390] SLES9: Security update for Apache2
11450| [65363] SLES9: Security update for Apache2
11451| [65309] SLES9: Security update for Apache and mod_ssl
11452| [65296] SLES9: Security update for webdav apache module
11453| [65283] SLES9: Security update for Apache2
11454| [65249] SLES9: Security update for Apache 2
11455| [65230] SLES9: Security update for Apache 2
11456| [65228] SLES9: Security update for Apache 2
11457| [65212] SLES9: Security update for apache2-mod_python
11458| [65209] SLES9: Security update for apache2-worker
11459| [65207] SLES9: Security update for Apache 2
11460| [65168] SLES9: Security update for apache2-mod_python
11461| [65142] SLES9: Security update for Apache2
11462| [65136] SLES9: Security update for Apache 2
11463| [65132] SLES9: Security update for apache
11464| [65131] SLES9: Security update for Apache 2 oes/CORE
11465| [65113] SLES9: Security update for apache2
11466| [65072] SLES9: Security update for apache and mod_ssl
11467| [65017] SLES9: Security update for Apache 2
11468| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
11469| [64783] FreeBSD Ports: apache
11470| [64774] Ubuntu USN-802-2 (apache2)
11471| [64653] Ubuntu USN-813-2 (apache2)
11472| [64559] Debian Security Advisory DSA 1834-2 (apache2)
11473| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
11474| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
11475| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
11476| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
11477| [64443] Ubuntu USN-802-1 (apache2)
11478| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
11479| [64423] Debian Security Advisory DSA 1834-1 (apache2)
11480| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
11481| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
11482| [64251] Debian Security Advisory DSA 1816-1 (apache2)
11483| [64201] Ubuntu USN-787-1 (apache2)
11484| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
11485| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
11486| [63565] FreeBSD Ports: apache
11487| [63562] Ubuntu USN-731-1 (apache2)
11488| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
11489| [61185] FreeBSD Ports: apache
11490| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
11491| [60387] Slackware Advisory SSA:2008-045-02 apache
11492| [58826] FreeBSD Ports: apache-tomcat
11493| [58825] FreeBSD Ports: apache-tomcat
11494| [58804] FreeBSD Ports: apache
11495| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
11496| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
11497| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
11498| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
11499| [57335] Debian Security Advisory DSA 1167-1 (apache)
11500| [57201] Debian Security Advisory DSA 1131-1 (apache)
11501| [57200] Debian Security Advisory DSA 1132-1 (apache2)
11502| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
11503| [57145] FreeBSD Ports: apache
11504| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
11505| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
11506| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
11507| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
11508| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
11509| [56067] FreeBSD Ports: apache
11510| [55803] Slackware Advisory SSA:2005-310-04 apache
11511| [55519] Debian Security Advisory DSA 839-1 (apachetop)
11512| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
11513| [55355] FreeBSD Ports: apache
11514| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
11515| [55261] Debian Security Advisory DSA 805-1 (apache2)
11516| [55259] Debian Security Advisory DSA 803-1 (apache)
11517| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
11518| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
11519| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
11520| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
11521| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
11522| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
11523| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
11524| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
11525| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
11526| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
11527| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
11528| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
11529| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
11530| [54439] FreeBSD Ports: apache
11531| [53931] Slackware Advisory SSA:2004-133-01 apache
11532| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
11533| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
11534| [53878] Slackware Advisory SSA:2003-308-01 apache security update
11535| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
11536| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
11537| [53848] Debian Security Advisory DSA 131-1 (apache)
11538| [53784] Debian Security Advisory DSA 021-1 (apache)
11539| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
11540| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
11541| [53735] Debian Security Advisory DSA 187-1 (apache)
11542| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
11543| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
11544| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
11545| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
11546| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
11547| [53282] Debian Security Advisory DSA 594-1 (apache)
11548| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
11549| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
11550| [53215] Debian Security Advisory DSA 525-1 (apache)
11551| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
11552| [52529] FreeBSD Ports: apache+ssl
11553| [52501] FreeBSD Ports: apache
11554| [52461] FreeBSD Ports: apache
11555| [52390] FreeBSD Ports: apache
11556| [52389] FreeBSD Ports: apache
11557| [52388] FreeBSD Ports: apache
11558| [52383] FreeBSD Ports: apache
11559| [52339] FreeBSD Ports: apache+mod_ssl
11560| [52331] FreeBSD Ports: apache
11561| [52329] FreeBSD Ports: ru-apache+mod_ssl
11562| [52314] FreeBSD Ports: apache
11563| [52310] FreeBSD Ports: apache
11564| [15588] Detect Apache HTTPS
11565| [15555] Apache mod_proxy content-length buffer overflow
11566| [15554] Apache mod_include priviledge escalation
11567| [14771] Apache <= 1.3.33 htpasswd local overflow
11568| [14177] Apache mod_access rule bypass
11569| [13644] Apache mod_rootme Backdoor
11570| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
11571| [12280] Apache Connection Blocking Denial of Service
11572| [12239] Apache Error Log Escape Sequence Injection
11573| [12123] Apache Tomcat source.jsp malformed request information disclosure
11574| [12085] Apache Tomcat servlet/JSP container default files
11575| [11438] Apache Tomcat Directory Listing and File disclosure
11576| [11204] Apache Tomcat Default Accounts
11577| [11092] Apache 2.0.39 Win32 directory traversal
11578| [11046] Apache Tomcat TroubleShooter Servlet Installed
11579| [11042] Apache Tomcat DOS Device Name XSS
11580| [11041] Apache Tomcat /servlet Cross Site Scripting
11581| [10938] Apache Remote Command Execution via .bat files
11582| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
11583| [10773] MacOS X Finder reveals contents of Apache Web files
11584| [10766] Apache UserDir Sensitive Information Disclosure
11585| [10756] MacOS X Finder reveals contents of Apache Web directories
11586| [10752] Apache Auth Module SQL Insertion Attack
11587| [10704] Apache Directory Listing
11588| [10678] Apache /server-info accessible
11589| [10677] Apache /server-status accessible
11590| [10440] Check for Apache Multiple / vulnerability
11591|
11592| SecurityTracker - https://www.securitytracker.com:
11593| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
11594| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
11595| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
11596| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
11597| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11598| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11599| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11600| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
11601| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
11602| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
11603| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11604| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
11605| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
11606| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11607| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
11608| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
11609| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
11610| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
11611| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
11612| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
11613| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11614| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
11615| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
11616| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11617| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
11618| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11619| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11620| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
11621| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
11622| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11623| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
11624| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
11625| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
11626| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
11627| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
11628| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
11629| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
11630| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
11631| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
11632| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
11633| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
11634| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
11635| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
11636| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
11637| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
11638| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
11639| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11640| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
11641| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
11642| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
11643| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
11644| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
11645| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
11646| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
11647| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
11648| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
11649| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11650| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11651| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11652| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11653| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11654| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11655| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11656| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11657| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11658| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11659| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
11660| [1024096] Apache mod_proxy_http May Return Results for a Different Request
11661| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
11662| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11663| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11664| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11665| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11666| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11667| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11668| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11669| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
11670| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11671| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11672| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11673| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11674| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11675| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11676| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11677| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11678| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11679| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11680| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11681| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11682| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11683| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11684| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11685| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11686| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11687| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11688| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11689| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11690| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11691| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11692| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11693| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11694| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11695| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11696| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11697| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11698| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11699| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11700| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11701| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11702| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11703| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11704| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11705| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11706| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11707| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11708| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11709| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
11710| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
11711| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11712| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11713| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11714| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11715| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11716| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11717| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11718| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11719| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11720| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11721| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11722| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11723| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11724| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11725| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11726| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11727| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11728| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11729| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11730| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11731| [1008920] Apache mod_digest May Validate Replayed Client Responses
11732| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11733| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11734| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11735| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11736| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11737| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11738| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11739| [1008029] Apache mod_alias Contains a Buffer Overflow
11740| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11741| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11742| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11743| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11744| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11745| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11746| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11747| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11748| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11749| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11750| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11751| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11752| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11753| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
11754| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
11755| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11756| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11757| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11758| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11759| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11760| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11761| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11762| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11763| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11764| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11765| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11766| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11767| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11768| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11769| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11770| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11771| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11772| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11773| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11774| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11775| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11776| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11777| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11778| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11779| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11780| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11781| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11782| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11783| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11784| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11785| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11786| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11787| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11788| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11789| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11790| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11791| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11792| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11793| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11794| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11795| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11796|
11797| OSVDB - http://www.osvdb.org:
11798| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11799| [96077] Apache CloudStack Global Settings Multiple Field XSS
11800| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11801| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11802| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11803| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11804| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11805| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11806| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11807| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11808| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11809| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11810| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11811| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11812| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11813| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11814| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11815| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11816| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11817| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11818| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11819| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11820| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11821| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11822| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11823| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11824| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11825| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11826| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11827| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11828| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11829| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11830| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11831| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11832| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11833| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11834| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11835| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11836| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11837| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11838| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11839| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11840| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11841| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11842| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11843| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11844| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11845| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11846| [94279] Apache Qpid CA Certificate Validation Bypass
11847| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11848| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11849| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11850| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11851| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11852| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11853| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11854| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11855| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11856| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11857| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
11858| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11859| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11860| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11861| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11862| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11863| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11864| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11865| [93541] Apache Solr json.wrf Callback XSS
11866| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11867| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11868| [93520] Apache CloudStack Default SSL Key Weakness
11869| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11870| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11871| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11872| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11873| [93515] Apache HBase table.jsp name Parameter XSS
11874| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11875| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11876| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11877| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11878| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11879| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11880| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11881| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11882| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11883| [93252] Apache Tomcat FORM Authenticator Session Fixation
11884| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11885| [93171] Apache Sling HtmlResponse Error Message XSS
11886| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11887| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
12291| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
12292| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
12293| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
12294| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
12295| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
12296| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
12297| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
12298| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
12299| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
12300| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
12301| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
12302| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
12303| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
12304| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
12305| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
12306| [58725] Apache Tapestry Basic String ACL Bypass Weakness
12307| [58724] Apache Roller Logout Functionality Failure Session Persistence
12308| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
12309| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
12310| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
12311| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
12312| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
12313| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
12314| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
12315| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
12316| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
12317| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
12318| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
12319| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
12320| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
12321| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
12322| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
12323| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
12324| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
12325| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
12326| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
12327| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
12328| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
12329| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
12330| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
12331| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
12332| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
12333| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
12334| [58687] Apache Axis Invalid wsdl Request XSS
12335| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
12336| [58685] Apache Velocity Template Designer Privileged Code Execution
12337| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
12338| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
12339| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
12340| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
12341| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
12342| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
12343| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
12344| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
12345| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
12346| [58667] Apache Roller Database Cleartext Passwords Disclosure
12347| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
12348| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
12349| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
12350| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
12351| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
12352| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
12353| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
12354| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
12355| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
12356| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
12357| [56984] Apache Xerces2 Java Malformed XML Input DoS
12358| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
12359| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
12360| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
12361| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
12362| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
12363| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
12364| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
12365| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
12366| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
12367| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
12368| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
12369| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
12370| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
12371| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
12372| [55056] Apache Tomcat Cross-application TLD File Manipulation
12373| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
12374| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
12375| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
12376| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
12377| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
12378| [54589] Apache Jserv Nonexistent JSP Request XSS
12379| [54122] Apache Struts s:a / s:url Tag href Element XSS
12380| [54093] Apache ActiveMQ Web Console JMS Message XSS
12381| [53932] Apache Geronimo Multiple Admin Function CSRF
12382| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
12383| [53930] Apache Geronimo /console/portal/ URI XSS
12384| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
12385| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
12386| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
12387| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
12388| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
12389| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
12390| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
12391| [53380] Apache Struts Unspecified XSS
12392| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
12393| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
12394| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
12395| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
12396| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
12397| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
12398| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
12399| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
12400| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
12401| [51151] Apache Roller Search Function q Parameter XSS
12402| [50482] PHP with Apache php_value Order Unspecified Issue
12403| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
12404| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
12405| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
12406| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
12407| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
12408| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
12409| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
12410| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
12411| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
12412| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
12413| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
12414| [47096] Oracle Weblogic Apache Connector POST Request Overflow
12415| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
12416| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
12417| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
12418| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12419| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12420| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12421| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12422| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12423| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12424| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12425| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12426| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12427| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12428| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12429| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12430| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12431| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12432| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12433| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12434| [43452] Apache Tomcat HTTP Request Smuggling
12435| [43309] Apache Geronimo LoginModule Login Method Bypass
12436| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12437| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12438| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12439| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12440| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12441| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12442| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12443| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12444| [42091] Apache Maven Site Plugin Installation Permission Weakness
12445| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12446| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12447| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12448| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12449| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12450| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12451| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12452| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12453| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12454| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12455| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12456| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12457| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12458| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12459| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12460| [40262] Apache HTTP Server mod_status refresh XSS
12461| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12462| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12463| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12464| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
12465| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
12466| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
12467| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
12468| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
12469| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
12470| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
12471| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
12472| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
12473| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
12474| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
12475| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
12476| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
12477| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
12478| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
12479| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
12480| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
12481| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
12482| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
12483| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
12484| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12485| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12486| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12487| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12488| [36079] Apache Tomcat Manager Uploaded Filename XSS
12489| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12490| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12491| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12492| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12493| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12494| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12495| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12496| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12497| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12498| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12499| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12500| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12501| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12502| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12503| [34873] Apache Stats Variable Extraction _REQUEST Superglobal Array Overwrite
12504| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12505| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12506| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12507| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12508| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12509| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12510| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12511| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12512| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12513| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12514| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12515| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12516| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12517| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12518| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12519| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12520| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12521| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12522| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12523| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12524| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12525| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12526| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12527| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12528| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12529| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12530| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12531| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12532| [24365] Apache Struts Multiple Function Error Message XSS
12533| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12534| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12535| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12536| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12537| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12538| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12539| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12540| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12541| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12542| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12543| [22459] Apache Geronimo Error Page XSS
12544| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12545| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12546| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12547| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12548| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12549| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12550| [21021] Apache Struts Error Message XSS
12551| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12552| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12553| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12554| [20439] Apache Tomcat Directory Listing Saturation DoS
12555| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12556| [20285] Apache HTTP Server Log File Control Character Injection
12557| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12558| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12559| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12560| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12561| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12562| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12563| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12564| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12565| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12566| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12567| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12568| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12569| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12570| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12571| [18233] Apache HTTP Server htdigest user Variable Overflow
12572| [17738] Apache HTTP Server HTTP Request Smuggling
12573| [16586] Apache HTTP Server Win32 GET Overflow DoS
12574| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12575| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12576| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12577| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12578| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12579| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12580| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12581| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12582| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12583| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12584| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12585| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12586| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12587| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12588| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12589| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12590| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12591| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12592| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12593| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12594| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12595| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12596| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12597| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12598| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12599| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12600| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12601| [13304] Apache Tomcat realPath.jsp Path Disclosure
12602| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12603| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12604| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12605| [12848] Apache HTTP Server htdigest realm Variable Overflow
12606| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12607| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12608| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12609| [12557] Apache HTTP Server prefork MPM accept Error DoS
12610| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12611| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12612| [12231] Apache Tomcat web.xml Arbitrary File Access
12613| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12614| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12615| [12178] Apache Jakarta Lucene results.jsp XSS
12616| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12617| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12618| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12619| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12620| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12621| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12622| [10471] Apache Xerces-C++ XML Parser DoS
12623| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12624| [10068] Apache HTTP Server htpasswd Local Overflow
12625| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12626| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12627| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12628| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12629| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12630| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12631| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12632| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12633| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12634| [9714] Apache Authentication Module Threaded MPM DoS
12635| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12636| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12637| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12638| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12639| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12640| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12641| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12642| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12643| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12644| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12645| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12646| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12647| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12648| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12649| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12650| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12651| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12652| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12653| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12654| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12655| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12656| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12657| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12658| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12659| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12660| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12661| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12662| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12663| [9208] Apache Tomcat .jsp Encoded Newline XSS
12664| [9204] Apache Tomcat ROOT Application XSS
12665| [9203] Apache Tomcat examples Application XSS
12666| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12667| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12668| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12669| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12670| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12671| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12672| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12673| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12674| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12675| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12676| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12677| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12678| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12679| [7611] Apache HTTP Server mod_alias Local Overflow
12680| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12681| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12682| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12683| [6882] Apache mod_python Malformed Query String Variant DoS
12684| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12685| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12686| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12687| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12688| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12689| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12690| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12691| [5278] Apache Tomcat web.xml Restriction Bypass
12692| [5051] Apache Tomcat Null Character DoS
12693| [4973] Apache Tomcat servlet Mapping XSS
12694| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12695| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12696| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12697| [4568] mod_survey For Apache ENV Tags SQL Injection
12698| [4553] Apache HTTP Server ApacheBench Overflow DoS
12699| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12700| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12701| [4383] Apache HTTP Server Socket Race Condition DoS
12702| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12703| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12704| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12705| [4231] Apache Cocoon Error Page Server Path Disclosure
12706| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12707| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12708| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12709| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12710| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12711| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12712| [3322] mod_php for Apache HTTP Server Process Hijack
12713| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12714| [2885] Apache mod_python Malformed Query String DoS
12715| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12716| [2733] Apache HTTP Server mod_rewrite Local Overflow
12717| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12718| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12719| [2149] Apache::Gallery Privilege Escalation
12720| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12721| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12722| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12723| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12724| [872] Apache Tomcat Multiple Default Accounts
12725| [862] Apache HTTP Server SSI Error Page XSS
12726| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12727| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12728| [845] Apache Tomcat MSDOS Device XSS
12729| [844] Apache Tomcat Java Servlet Error Page XSS
12730| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12731| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12732| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12733| [775] Apache mod_python Module Importing Privilege Function Execution
12734| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12735| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12736| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12737| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12738| [637] Apache HTTP Server UserDir Directive Username Enumeration
12739| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12740| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12741| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12742| [561] Apache Web Servers mod_status /server-status Information Disclosure
12743| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12744| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12745| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12746| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12747| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12748| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12749| [376] Apache Tomcat contextAdmin Arbitrary File Access
12750| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12751| [222] Apache HTTP Server test-cgi Arbitrary File Access
12752| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12753| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Apache httpd
|_http-server-header: imunify360-webshield/1.8
| vulscan: VulDB - https://vuldb.com:
12759| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
12760| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
12761| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
12762| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
12763| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
12764| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
12765| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
12766| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
12767| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
12768| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
12769| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
12770| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
12771| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
12772| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
12773| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
12774| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
12775| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
12776| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
12777| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
12778| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
12779| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
12780| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
12781| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
12782| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
12783| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
12784| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
12785| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
12786| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
12787| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
12788| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
12789| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
12790| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
12791| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
12792| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
12793| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
12794| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
12795| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
12796| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
12797| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
12798| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
12799| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
12800| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
12801| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
12802| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
12803| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
12804| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
12805| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
12806| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
12807| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
12808| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12809| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
12810| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
12811| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
12812| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
12813| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
12814| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
12815| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
12816| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
12817| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
12818| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
12819| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
12820| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12821| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
12822| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
12823| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
12824| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12825| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
12826| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
12827| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
12828| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
12829| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
12830| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
12831| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
12832| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
12833| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
12834| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
12835| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
12836| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
12837| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
12838| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
12839| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
12840| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
12841| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
12842| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
12843| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
12844| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
12845| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
12846| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
12847| [136370] Apache Fineract up to 1.2.x sql injection
12848| [136369] Apache Fineract up to 1.2.x sql injection
12849| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
12850| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
12851| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
12852| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
12853| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
12854| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
12855| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
12856| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
12857| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
12858| [134416] Apache Sanselan 0.97-incubator Loop denial of service
12859| [134415] Apache Sanselan 0.97-incubator Hang denial of service
12860| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
12861| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
12862| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12863| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
12864| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
12865| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
12866| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
12867| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
12868| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
12869| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
12870| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
12871| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
12872| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
12873| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
12874| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
12875| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
12876| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
12877| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
12878| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
12879| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
12880| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
12881| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
12882| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
12883| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
12884| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
12885| [131859] Apache Hadoop up to 2.9.1 privilege escalation
12886| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
12887| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
12888| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
12889| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
12890| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
12891| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
12892| [130629] Apache Guacamole Cookie Flag weak encryption
12893| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
12894| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
12895| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
12896| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
12897| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
12898| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
12899| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
12900| [130123] Apache Airflow up to 1.8.2 information disclosure
12901| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
12902| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
12903| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
12904| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
12905| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12906| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12907| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
12908| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
12909| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
12910| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
12911| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
12912| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
12913| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
12914| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
12915| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
12916| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
12917| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
12918| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
12919| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12920| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
12921| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
12922| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
12923| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
12924| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
12925| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
12926| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
12927| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
12928| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
12929| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
12930| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
12931| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
12932| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
12933| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
12934| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
12935| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
12936| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
12937| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
12938| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
12939| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
12940| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
12941| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
12942| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
12943| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
12944| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
12945| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
12946| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
12947| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
12948| [127007] Apache Spark Request Code Execution
12949| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
12950| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
12951| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
12952| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
12953| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
12954| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
12955| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
12956| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
12957| [126346] Apache Tomcat Path privilege escalation
12958| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
12959| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
12960| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
12961| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
12962| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
12963| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
12964| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
12965| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
12966| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
12967| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
12968| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
12969| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
12970| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
12971| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
12972| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
12973| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
12974| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
12975| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
12976| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
12977| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
12978| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
12979| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
12980| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
12981| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
12982| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
12983| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
12984| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
12985| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
12986| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
12987| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
12988| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
12989| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
12990| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
12991| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
12992| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
12993| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
12994| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
12995| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
12996| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
12997| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
12998| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
12999| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
13000| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
13001| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
13002| [123197] Apache Sentry up to 2.0.0 privilege escalation
13003| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
13004| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
13005| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
13006| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
13007| [122800] Apache Spark 1.3.0 REST API weak authentication
13008| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
13009| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
13010| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
13011| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
13012| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
13013| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
13014| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
13015| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
13016| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
13017| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
13018| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
13019| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
13020| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
13021| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
13022| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
13023| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
13024| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
13025| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
13026| [121354] Apache CouchDB HTTP API Code Execution
13027| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
13028| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
13029| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
13030| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
13031| [120168] Apache CXF weak authentication
13032| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
13033| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
13034| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
13035| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
13036| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
13037| [119306] Apache MXNet Network Interface privilege escalation
13038| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
13039| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
13040| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
13041| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
13042| [118143] Apache NiFi activemq-client Library Deserialization denial of service
13043| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
13044| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
13045| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
13046| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
13047| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
13048| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
13049| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
13050| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
13051| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
13052| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
13053| [117115] Apache Tika up to 1.17 tika-server command injection
13054| [116929] Apache Fineract getReportType Parameter privilege escalation
13055| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
13056| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
13057| [116926] Apache Fineract REST Parameter privilege escalation
13058| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
13059| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
13060| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
13061| [115883] Apache Hive up to 2.3.2 privilege escalation
13062| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
13063| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
13064| [115518] Apache Ignite 2.3 Deserialization privilege escalation
13065| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
13066| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
13067| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
13068| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
13069| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
13070| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
13071| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
13072| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
13073| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
13074| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
13075| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
13076| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
13077| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
13078| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
13079| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
13080| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
13081| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
13082| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
13083| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
13084| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
13085| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
13086| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
13087| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
13088| [113895] Apache Geode up to 1.3.x Code Execution
13089| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
13090| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
13091| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
13092| [113747] Apache Tomcat Servlets privilege escalation
13093| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
13094| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
13095| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
13096| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
13097| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
13098| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
13099| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
13100| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
13101| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
13102| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
13103| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
13104| [112885] Apache Allura up to 1.8.0 File information disclosure
13105| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
13106| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
13107| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
13108| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
13109| [112625] Apache POI up to 3.16 Loop denial of service
13110| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
13111| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
13112| [112339] Apache NiFi 1.5.0 Header privilege escalation
13113| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
13114| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
13115| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
13116| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
13117| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
13118| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
13119| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
13120| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
13121| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
13122| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
13123| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
13124| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
13125| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
13126| [112114] Oracle 9.1 Apache Log4j privilege escalation
13127| [112113] Oracle 9.1 Apache Log4j privilege escalation
13128| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
13129| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
13130| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
13131| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
13132| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
13133| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
13134| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
13135| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
13136| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
13137| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
13138| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
13139| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
13140| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
13141| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
13142| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
13143| [110701] Apache Fineract Query Parameter sql injection
13144| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
13145| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
13146| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
13147| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
13148| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
13149| [110106] Apache CXF Fediz Spring cross site request forgery
13150| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
13151| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
13152| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
13153| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
13154| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
13155| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
13156| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
13157| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
13158| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
13159| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
13160| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
13161| [108938] Apple macOS up to 10.13.1 apache denial of service
13162| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
13163| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
13164| [108935] Apple macOS up to 10.13.1 apache denial of service
13165| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
13166| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
13167| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
13168| [108931] Apple macOS up to 10.13.1 apache denial of service
13169| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
13170| [108929] Apple macOS up to 10.13.1 apache denial of service
13171| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
13172| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
13173| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
13174| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
13175| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
13176| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
13177| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
13178| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
13179| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
13180| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
13181| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
13182| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
13183| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
13184| [108782] Apache Xerces2 XML Service denial of service
13185| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
13186| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
13187| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
13188| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
13189| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
13190| [108629] Apache OFBiz up to 10.04.01 privilege escalation
13191| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
13192| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
13193| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
13194| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
13195| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
13196| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
13197| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
13198| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
13199| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
13200| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
13201| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
13202| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
13203| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
13204| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
13205| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
13206| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
13207| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
13208| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
13209| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
13210| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
13211| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
13212| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
13213| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
13214| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
13215| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
13216| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
13217| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
13218| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
13219| [107639] Apache NiFi 1.4.0 XML External Entity
13220| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
13221| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
13222| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
13223| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
13224| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
13225| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
13226| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
13227| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
13228| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
13229| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
13230| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
13231| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
13232| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
13233| [107197] Apache Xerces Jelly Parser XML File XML External Entity
13234| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
13235| [107084] Apache Struts up to 2.3.19 cross site scripting
13236| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
13237| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
13238| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
13239| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
13240| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
13241| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
13242| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
13243| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
13244| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
13245| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
13246| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
13247| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
13248| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
13249| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
13250| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
13251| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
13252| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
13253| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
13254| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
13255| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
13256| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
13257| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
13258| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
13259| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
13260| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
13261| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
13262| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
13263| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
13264| [105878] Apache Struts up to 2.3.24.0 privilege escalation
13265| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
13266| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
13267| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
13268| [105643] Apache Pony Mail up to 0.8b weak authentication
13269| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
13270| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
13271| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
13272| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
13273| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
13274| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
13275| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
13276| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
13277| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
13278| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
13279| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
13280| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
13281| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
13282| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
13283| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
13284| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
13285| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
13286| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
13287| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
13288| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
13289| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
13290| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
13291| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
13292| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
13293| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
13294| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
13295| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
13296| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
13297| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
13298| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
13299| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
13300| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
13301| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
13302| [103690] Apache OpenMeetings 1.0.0 sql injection
13303| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
13304| [103688] Apache OpenMeetings 1.0.0 weak encryption
13305| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
13306| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
13307| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
13308| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
13309| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
13310| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
13311| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
13312| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
13313| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
13314| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
13315| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
13316| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
13317| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
13318| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
13319| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
13320| [103352] Apache Solr Node weak authentication
13321| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
13322| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
13323| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
13324| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
13325| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
13326| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
13327| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
13328| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
13329| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
13330| [102536] Apache Ranger up to 0.6 Stored cross site scripting
13331| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
13332| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
13333| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
13334| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
13335| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
13336| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
13337| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
13338| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
13339| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
13340| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
13341| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
13342| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
13343| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
13344| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
13345| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
13346| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
13347| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
13348| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
13349| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
13350| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
13351| [99937] Apache Batik up to 1.8 privilege escalation
13352| [99936] Apache FOP up to 2.1 privilege escalation
13353| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
13354| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
13355| [99930] Apache Traffic Server up to 6.2.0 denial of service
13356| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
13357| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
13358| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
13359| [117569] Apache Hadoop up to 2.7.3 privilege escalation
13360| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
13361| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
13362| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
13363| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
13364| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
13365| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
13366| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
13367| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
13368| [99014] Apache Camel Jackson/JacksonXML privilege escalation
13369| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13370| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
13371| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
13372| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
13373| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
13374| [98605] Apple macOS up to 10.12.3 Apache denial of service
13375| [98604] Apple macOS up to 10.12.3 Apache denial of service
13376| [98603] Apple macOS up to 10.12.3 Apache denial of service
13377| [98602] Apple macOS up to 10.12.3 Apache denial of service
13378| [98601] Apple macOS up to 10.12.3 Apache denial of service
13379| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
13380| [98405] Apache Hadoop up to 0.23.10 privilege escalation
13381| [98199] Apache Camel Validation XML External Entity
13382| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
13383| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
13384| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
13385| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
13386| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
13387| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
13388| [97081] Apache Tomcat HTTPS Request denial of service
13389| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
13390| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
13391| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
13392| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
13393| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
13394| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
13395| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
13396| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
13397| [95311] Apache Storm UI Daemon privilege escalation
13398| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
13399| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
13400| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
13401| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
13402| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
13403| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
13404| [94540] Apache Tika 1.9 tika-server File information disclosure
13405| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
13406| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
13407| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
13408| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
13409| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
13410| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
13411| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13412| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
13413| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
13414| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
13415| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
13416| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
13417| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
13418| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
13419| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13420| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
13421| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
13422| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
13423| [93532] Apache Commons Collections Library Java privilege escalation
13424| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
13425| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
13426| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
13427| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
13428| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
13429| [93098] Apache Commons FileUpload privilege escalation
13430| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
13431| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
13432| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
13433| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
13434| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
13435| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
13436| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
13437| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
13438| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
13439| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
13440| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
13441| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
13442| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
13443| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
13444| [92549] Apache Tomcat on Red Hat privilege escalation
13445| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
13446| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
13447| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
13448| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
13449| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
13450| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
13451| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
13452| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
13453| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
13454| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
13455| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
13456| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
13457| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
13458| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
13459| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
13460| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
13461| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
13462| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
13463| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
13464| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
13465| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
13466| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
13467| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
13468| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
13469| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
13470| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
13471| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
13472| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
13473| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
13474| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
13475| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
13476| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
13477| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
13478| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
13479| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
13480| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
13481| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
13482| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
13483| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
13484| [90263] Apache Archiva Header denial of service
13485| [90262] Apache Archiva Deserialize privilege escalation
13486| [90261] Apache Archiva XML DTD Connection privilege escalation
13487| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
13488| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
13489| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
13490| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
13491| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13492| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
13493| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
13494| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
13495| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
13496| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
13497| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
13498| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
13499| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
13500| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
13501| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
13502| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
13503| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
13504| [87765] Apache James Server 2.3.2 Command privilege escalation
13505| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
13506| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
13507| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
13508| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
13509| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
13510| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
13511| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
13512| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
13513| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
13514| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13515| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13516| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
13517| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
13518| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
13519| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13520| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
13521| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
13522| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
13523| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
13524| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
13525| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
13526| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
13527| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
13528| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
13529| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
13530| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
13531| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
13532| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
13533| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
13534| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
13535| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
13536| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
13537| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
13538| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
13539| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
13540| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
13541| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
13542| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
13543| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
13544| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
13545| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
13546| [82076] Apache Ranger up to 0.5.1 privilege escalation
13547| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
13548| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
13549| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
13550| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
13551| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
13552| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
13553| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
13554| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
13555| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
13556| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
13557| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
13558| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
13559| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13560| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
13561| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
13562| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
13563| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
13564| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
13565| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
13566| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
13567| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
13568| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
13569| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
13570| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
13571| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
13572| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
13573| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
13574| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
13575| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
13576| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
13577| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
13578| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
13579| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
13580| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
13581| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
13582| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
13583| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
13584| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
13585| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
13586| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
13587| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
13588| [79791] Cisco Products Apache Commons Collections Library privilege escalation
13589| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13590| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
13591| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
13592| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
13593| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
13594| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
13595| [78989] Apache Ambari up to 2.1.1 Open Redirect
13596| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
13597| [78987] Apache Ambari up to 2.0.x cross site scripting
13598| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
13599| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13600| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
13601| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13602| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13603| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13604| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13605| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
13606| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
13607| [77406] Apache Flex BlazeDS AMF Message XML External Entity
13608| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
13609| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
13610| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
13611| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
13612| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
13613| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
13614| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
13615| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
13616| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
13617| [76567] Apache Struts 2.3.20 unknown vulnerability
13618| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
13619| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
13620| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
13621| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
13622| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
13623| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
13624| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
13625| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
13626| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
13627| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
13628| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
13629| [74793] Apache Tomcat File Upload denial of service
13630| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
13631| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
13632| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
13633| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
13634| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
13635| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
13636| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
13637| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
13638| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
13639| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
13640| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
13641| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
13642| [74468] Apache Batik up to 1.6 denial of service
13643| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
13644| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
13645| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
13646| [74174] Apache WSS4J up to 2.0.0 privilege escalation
13647| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
13648| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
13649| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
13650| [73731] Apache XML Security unknown vulnerability
13651| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
13652| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
13653| [73593] Apache Traffic Server up to 5.1.0 denial of service
13654| [73511] Apache POI up to 3.10 Deadlock denial of service
13655| [73510] Apache Solr up to 4.3.0 cross site scripting
13656| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
13657| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
13658| [73173] Apache CloudStack Stack-Based unknown vulnerability
13659| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
13660| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
13661| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
13662| [72890] Apache Qpid 0.30 unknown vulnerability
13663| [72887] Apache Hive 0.13.0 File Permission privilege escalation
13664| [72878] Apache Cordova 3.5.0 cross site request forgery
13665| [72877] Apache Cordova 3.5.0 cross site request forgery
13666| [72876] Apache Cordova 3.5.0 cross site request forgery
13667| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
13668| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
13669| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
13670| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
13671| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13672| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
13673| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
13674| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
13675| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
13676| [71629] Apache Axis2/C spoofing
13677| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
13678| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
13679| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
13680| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
13681| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
13682| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
13683| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
13684| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
13685| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
13686| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
13687| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
13688| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
13689| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
13690| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
13691| [70809] Apache POI up to 3.11 Crash denial of service
13692| [70808] Apache POI up to 3.10 unknown vulnerability
13693| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
13694| [70749] Apache Axis up to 1.4 getCN spoofing
13695| [70701] Apache Traffic Server up to 3.3.5 denial of service
13696| [70700] Apache OFBiz up to 12.04.03 cross site scripting
13697| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
13698| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
13699| [70661] Apache Subversion up to 1.6.17 denial of service
13700| [70660] Apache Subversion up to 1.6.17 spoofing
13701| [70659] Apache Subversion up to 1.6.17 spoofing
13702| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
13703| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
13704| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
13705| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
13706| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
13707| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
13708| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
13709| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
13710| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
13711| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
13712| [69846] Apache HBase up to 0.94.8 information disclosure
13713| [69783] Apache CouchDB up to 1.2.0 memory corruption
13714| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
13715| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
13716| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
13717| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
13718| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
13719| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
13720| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
13721| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
13722| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
13723| [69431] Apache Archiva up to 1.3.6 cross site scripting
13724| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
13725| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
13726| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
13727| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
13728| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
13729| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
13730| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
13731| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
13732| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
13733| [66739] Apache Camel up to 2.12.2 unknown vulnerability
13734| [66738] Apache Camel up to 2.12.2 unknown vulnerability
13735| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
13736| [66695] Apache CouchDB up to 1.2.0 cross site scripting
13737| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
13738| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
13739| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
13740| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
14113| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
14114| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
14115| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
14116| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
14117| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
14118| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
14199| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
14200| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
14201| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
14302| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
14303| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
14304| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
14305| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
14306| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
14307| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
14308| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
14309| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
14310| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
14311| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
14312| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
14313| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
14314| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
14315| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
14316| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
14317| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
14318| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
14319| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
14320| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
14321| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
14322| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
14323| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
14324| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
14325| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
14326| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
14327| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
14328| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
14329| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
14330| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
14331| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
14332| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
14333| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
14334| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
14335| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
14336| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
14337| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
14338| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
14339| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
14340| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
14341| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
14342| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
14343| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
14344| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
14345| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
14346| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
14347| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
14348| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
14349| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
14350| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
14351| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
14352| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
14353| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
14354| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
14355| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
14356| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
14357| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
14358| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
14359| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
14360| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
14361| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
14362| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
14363| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
14364| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
14365| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
14366| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
14367| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
14368| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
14369| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
14370| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
14371| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
14372| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
14373| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
14374| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
14375| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
14376| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
14377| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
14378| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
14379| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
14380| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
14381| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
14382| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14383| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
14384| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
14385| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
14386| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
14387| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
14388| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
14389| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
14390| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
14391| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
14392| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
14393| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
14394| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
14395| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
14396| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
14397| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
14398| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
14399| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
14400| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
14401| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
14402| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
14403| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
14404| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
14405| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
14406| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
14407| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
14408| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
14409| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
14410| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
14411| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
14412| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
14413| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
14414| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
14415| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
14416| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
14417| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
14418| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
14419| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
14420| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
14421| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
14422| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
14423| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
14424| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14425| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
14426| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
14427| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
14428| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
14429| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14430| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
14431| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
14432| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
14433| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
14434| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
14435| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
14436| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
14437| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
14438| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
14439| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
14440| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
14441| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
14442| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
14443| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14444| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14445| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
14446| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
14447| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
14448| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
14449| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
14450| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
14451| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
14452| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14453| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
14454| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
14455| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
14456| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
14457| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
14458| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14459| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14460| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14461| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
14462| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
14463| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14464| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
14465| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
14466| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
14467| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
14468| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
14469| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
14470| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
14471| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
14472| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
14473| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
14474| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
14475| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
14476| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
14477| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
14478| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
14479| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
14480| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
14481| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
14482| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
14483| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
14484| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
14485| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
14486| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
14487| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
14488| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
14489| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
14490| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
14491| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
14492| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
14493| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
14494| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14495| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
14496| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
14497| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
14498| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
14499| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
14500| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
14501| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
14502| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
14503| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
14504| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
14505| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
14506| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
14507| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
14508| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
14509| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
14510| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
14511| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
14512| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
14513| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
14514| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
14515| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
14516| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
14517| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
14518| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
14519| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14520| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
14521| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14522| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
14523| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
14524| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
14525| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
14526| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
14527| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
14528| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
14529| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
14530| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
14531| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
14532| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
14533| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
14534| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
14535| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
14536| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
14537| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14538| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
14539| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
14540| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
14541| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
14542| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
14543| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
14544| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
14545| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
14546| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
14547| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
14548| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
14549| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
14550| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
14551| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
14552| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
14553| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
14554| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
14555| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
14556| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
14557| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
14558| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
14559| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
14560| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
14561| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
14562| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
14563| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
14564| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14565| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
14566| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
14567| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
14568| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
14569| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
14570| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
14571| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
14572| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
14573| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
14574| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
14575| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
14576| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
14577| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
14578| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
14579| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
14580| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
14581| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
14582| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
14583| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
14584| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
14585| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
14586| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
14587| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
14588| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
14589| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
14590| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
14591| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
14592| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
14593| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
14594| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 do not filter terminal escape sequences from their access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
14595| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
14596| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
14597| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
14598| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
14599| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
14600| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
14601| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
14602| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
14603| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
14604| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
14605| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
14606| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
14607| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
14608| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
14609| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
14610| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
14611| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
14612| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
14613| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
14614| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
14615| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
14616| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
14617| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
14618| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
14619| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
14620| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
14621| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
14622| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
14623| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
14624| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
14625| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
14626| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
14627| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
14628| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
14629| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
14630| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
14631| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
14632| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
14633| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
14634| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
14635| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
14636| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
14637| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
14638| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
14639| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
14640| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
14641| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
14642| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
14643| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
14644| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
14645| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
14646| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
14647| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
14648| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
14649| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
14650| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
14651| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
14652| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
14653| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
14654| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
14655| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
14656| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
14657| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
14658| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
14659| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
14660| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
14661| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
14662| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
14663| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
14664| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
14665| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
14666| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
14667| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
14668| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
14669| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
14670| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
14671| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
14672| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
14673| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
14674| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
14675| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
14676| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
14677| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
14678| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
14679| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
14680| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
14681| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
14682| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
14683| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
14684| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
14685| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
14686|
14687| SecurityFocus - https://www.securityfocus.com/bid/:
14688| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
14689| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
14690| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
14691| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
14692| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
14693| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
14694| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
14695| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
14696| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
14697| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
14698| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
14699| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
14700| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
14701| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
14702| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
14703| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
14704| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
14705| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
14706| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
14707| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
14708| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
14709| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
14710| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
14711| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
14712| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
14713| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
14714| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
14715| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
14716| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
14717| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
14718| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
14719| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
14720| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
14721| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
14722| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
14723| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
14724| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
14725| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
14726| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
14727| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
14728| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
14729| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
14730| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
14731| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
14732| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
14733| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
14734| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
14735| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
14736| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
14737| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
14738| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
14739| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
14740| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
14741| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
14742| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
14743| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
14744| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
14745| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
14746| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
14747| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
14748| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
14749| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
14750| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
14751| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
14752| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
14753| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
14754| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
14755| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
14756| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
14757| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
14758| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
14759| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
14760| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
14761| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
14762| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
14763| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
14764| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
14765| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
14766| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
14767| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
14768| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
14769| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
14770| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
14771| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
14772| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
14773| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
14774| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
14775| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
14776| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
14777| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
14778| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
14779| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
14780| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
14781| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
15215| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
15216| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
15217| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
15218| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
15219| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
15220| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
15221| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
15222| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
15223| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
15224| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
15225| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
15226| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
15227| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
15594| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
15595| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
15596| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
15597| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
15598| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
15599| [6117] Apache mod_php File Descriptor Leakage Vulnerability
15600| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
15601| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
15602| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
15603| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
15604| [5992] Apache HTDigest Insecure Temporary File Vulnerability
15605| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
15606| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
15607| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
15608| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
15609| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
15610| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
15611| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
15612| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
15613| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
15614| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
15615| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
15616| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
15617| [5485] Apache 2.0 Path Disclosure Vulnerability
15618| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
15619| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
15620| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
15621| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
15622| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
15623| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
15624| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
15625| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
15626| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
15627| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
15628| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
15629| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
15630| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
15631| [4437] Apache Error Message Cross-Site Scripting Vulnerability
15632| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
15633| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
15634| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
15635| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
15636| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
15637| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
15638| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
15639| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
15640| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
15641| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
15642| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
15643| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
15644| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
15645| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
15646| [3596] Apache Split-Logfile File Append Vulnerability
15647| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
15648| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
15649| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
15650| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
15651| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
15652| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
15653| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
15654| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
15655| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
15656| [3169] Apache Server Address Disclosure Vulnerability
15657| [3009] Apache Possible Directory Index Disclosure Vulnerability
15658| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
15659| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
15660| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
15661| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
15662| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
15663| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
15664| [2216] Apache Web Server DoS Vulnerability
15665| [2182] Apache /tmp File Race Vulnerability
15666| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
15667| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
15668| [1821] Apache mod_cookies Buffer Overflow Vulnerability
15669| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
15670| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
15671| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
15672| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
15673| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
15674| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
15675| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
15676| [1457] Apache::ASP source.asp Example Script Vulnerability
15677| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
15678| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
15679|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
16079| [24030] Apache auth_ldap module multiple format strings
16080| [24008] Apache mod_ssl custom error message denial of service
16081| [24003] Apache mod_auth_pgsql module multiple syslog format strings
16082| [23612] Apache mod_imap referer field cross-site scripting
16083| [23173] Apache Struts error message cross-site scripting
16084| [22942] Apache Tomcat directory listing denial of service
16085| [22858] Apache Multi-Processing Module code allows denial of service
16086| [22602] RHSA-2005:582 updates for Apache httpd not installed
16087| [22520] Apache mod-auth-shadow "
16088| [22466] ApacheTop symlink
16089| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
16090| [22006] Apache HTTP Server byte-range filter denial of service
16091| [21567] Apache mod_ssl off-by-one buffer overflow
16092| [21195] Apache HTTP Server header HTTP request smuggling
16093| [20383] Apache HTTP Server htdigest buffer overflow
16094| [19681] Apache Tomcat AJP12 request denial of service
16095| [18993] Apache HTTP server check_forensic symlink attack
16096| [18790] Apache Tomcat Manager cross-site scripting
16097| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
16098| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
16099| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
16100| [17961] Apache Web server ServerTokens has not been set
16101| [17930] Apache HTTP Server HTTP GET request denial of service
16102| [17785] Apache mod_include module buffer overflow
16103| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
16104| [17473] Apache HTTP Server Satisfy directive allows access to resources
16105| [17413] Apache htpasswd buffer overflow
16106| [17384] Apache HTTP Server environment variable configuration file buffer overflow
16107| [17382] Apache HTTP Server IPv6 apr_util denial of service
16108| [17366] Apache HTTP Server mod_dav module LOCK denial of service
16109| [17273] Apache HTTP Server speculative mode denial of service
16110| [17200] Apache HTTP Server mod_ssl denial of service
16111| [16890] Apache HTTP Server server-info request has been detected
16112| [16889] Apache HTTP Server server-status request has been detected
16113| [16705] Apache mod_ssl format string attack
16114| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
16115| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
16116| [16230] Apache HTTP Server PHP denial of service
16117| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
16118| [15958] Apache HTTP Server authentication modules memory corruption
16119| [15547] Apache HTTP Server mod_disk_cache local information disclosure
16120| [15540] Apache HTTP Server socket starvation denial of service
16121| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
16122| [15422] Apache HTTP Server mod_access information disclosure
16123| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
16124| [15293] Apache for Cygwin "
16125| [15065] Apache-SSL has a default password
16126| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
16127| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
16128| [14751] Apache Mod_python output filter information disclosure
16129| [14125] Apache HTTP Server mod_userdir module information disclosure
16130| [14075] Apache HTTP Server mod_php file descriptor leak
16131| [13703] Apache HTTP Server account
16132| [13689] Apache HTTP Server configuration allows symlinks
16133| [13688] Apache HTTP Server configuration allows SSI
16134| [13687] Apache HTTP Server Server: header value
16135| [13685] Apache HTTP Server ServerTokens value
16136| [13684] Apache HTTP Server ServerSignature value
16137| [13672] Apache HTTP Server config allows directory autoindexing
16138| [13671] Apache HTTP Server default content
16139| [13670] Apache HTTP Server config file directive references outside content root
16140| [13668] Apache HTTP Server httpd not running in chroot environment
16141| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
16142| [13664] Apache HTTP Server config file contains ScriptAlias entry
16143| [13663] Apache HTTP Server CGI support modules loaded
16144| [13661] Apache HTTP Server config file contains AddHandler entry
16145| [13660] Apache HTTP Server 500 error page not CGI script
16146| [13659] Apache HTTP Server 413 error page not CGI script
16147| [13658] Apache HTTP Server 403 error page not CGI script
16148| [13657] Apache HTTP Server 401 error page not CGI script
16149| [13552] Apache HTTP Server mod_cgid module information disclosure
16150| [13550] Apache GET request directory traversal
16151| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
16152| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
16153| [13429] Apache Tomcat non-HTTP request denial of service
16154| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
16155| [13295] Apache weak password encryption
16156| [13254] Apache Tomcat .jsp cross-site scripting
16157| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
16158| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
16159| [12681] Apache HTTP Server mod_proxy could allow mail relaying
16160| [12662] Apache HTTP Server rotatelogs denial of service
16161| [12554] Apache Tomcat stores password in plain text
16162| [12553] Apache HTTP Server redirects and subrequests denial of service
16163| [12552] Apache HTTP Server FTP proxy server denial of service
16164| [12551] Apache HTTP Server prefork MPM denial of service
16165| [12550] Apache HTTP Server weaker than expected encryption
16166| [12549] Apache HTTP Server type-map file denial of service
16167| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
16168| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
16169| [12091] Apache HTTP Server apr_password_validate denial of service
16170| [12090] Apache HTTP Server apr_psprintf code execution
16171| [11804] Apache HTTP Server mod_access_referer denial of service
16172| [11750] Apache HTTP Server could leak sensitive file descriptors
16173| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
16174| [11703] Apache long slash path allows directory listing
16175| [11695] Apache HTTP Server LF (Line Feed) denial of service
16176| [11694] Apache HTTP Server filestat.c denial of service
16177| [11438] Apache HTTP Server MIME message boundaries information disclosure
16178| [11412] Apache HTTP Server error log terminal escape sequence injection
16179| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
16180| [11195] Apache Tomcat web.xml could be used to read files
16181| [11194] Apache Tomcat URL appended with a null character could list directories
16182| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
16183| [11126] Apache HTTP Server illegal character file disclosure
16184| [11125] Apache HTTP Server DOS device name HTTP POST code execution
16185| [11124] Apache HTTP Server DOS device name denial of service
16186| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
16187| [10938] Apache HTTP Server printenv test CGI cross-site scripting
16188| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
16189| [10575] Apache mod_php module could allow an attacker to take over the httpd process
16190| [10499] Apache HTTP Server WebDAV HTTP POST view source
16191| [10457] Apache HTTP Server mod_ssl "
16192| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
16193| [10414] Apache HTTP Server htdigest multiple buffer overflows
16194| [10413] Apache HTTP Server htdigest temporary file race condition
16195| [10412] Apache HTTP Server htpasswd temporary file race condition
16196| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
16197| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
16198| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
16199| [10280] Apache HTTP Server shared memory scorecard overwrite
16200| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
16201| [10241] Apache HTTP Server Host: header cross-site scripting
16202| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
16203| [10208] Apache HTTP Server mod_dav denial of service
16204| [10206] HP VVOS Apache mod_ssl denial of service
16205| [10200] Apache HTTP Server stderr denial of service
16206| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
16207| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
16208| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
16209| [10098] Slapper worm targets OpenSSL/Apache systems
16210| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
16211| [9875] Apache HTTP Server .var file request could disclose installation path
16212| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
16213| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
16214| [9623] Apache HTTP Server ap_log_rerror() path disclosure
16215| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
16216| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
16217| [9396] Apache Tomcat null character to threads denial of service
16218| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
16219| [9249] Apache HTTP Server chunked encoding heap buffer overflow
16220| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
16221| [8932] Apache Tomcat example class information disclosure
16222| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
16223| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
16224| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
16225| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
16226| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
16227| [8400] Apache HTTP Server mod_frontpage buffer overflows
16228| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
16229| [8308] Apache "
16230| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
16231| [8119] Apache and PHP OPTIONS request reveals "
16232| [8054] Apache is running on the system
16233| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
16234| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
16235| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
16236| [7836] Apache HTTP Server log directory denial of service
16237| [7815] Apache for Windows "
16238| [7810] Apache HTTP request could result in unexpected behavior
16239| [7599] Apache Tomcat reveals installation path
16240| [7494] Apache "
16241| [7419] Apache Web Server could allow remote attackers to overwrite .log files
16242| [7363] Apache Web Server hidden HTTP requests
16243| [7249] Apache mod_proxy denial of service
16244| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
16245| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
16246| [7059] Apache "
16247| [7057] Apache "
16248| [7056] Apache "
16249| [7055] Apache "
16250| [7054] Apache "
16251| [6997] Apache Jakarta Tomcat error message may reveal information
16252| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
16253| [6970] Apache crafted HTTP request could reveal the internal IP address
16254| [6921] Apache long slash path allows directory listing
16255| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
16256| [6527] Apache Web Server for Windows and OS2 denial of service
16257| [6316] Apache Jakarta Tomcat may reveal JSP source code
16258| [6305] Apache Jakarta Tomcat directory traversal
16259| [5926] Linux Apache symbolic link
16260| [5659] Apache Web server discloses files when used with php script
16261| [5310] Apache mod_rewrite allows attacker to view arbitrary files
16262| [5204] Apache WebDAV directory listings
16263| [5197] Apache Web server reveals CGI script source code
16264| [5160] Apache Jakarta Tomcat default installation
16265| [5099] Trustix Secure Linux installs Apache with world writable access
16266| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
16267| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
16268| [4931] Apache source.asp example file allows users to write to files
16269| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
16270| [4205] Apache Jakarta Tomcat delivers file contents
16271| [2084] Apache on Debian by default serves the /usr/doc directory
16272| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
16273| [697] Apache HTTP server beck exploit
16274| [331] Apache cookies buffer overflow
16275|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
16525| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
16526| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
16527| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
16528| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
16529| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
16530| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
16531| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
16532| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
16533| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
16534| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
16535| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
16536| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
16537| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
16538| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
16539| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
16540| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
16541| [801942] Apache Archiva Multiple Vulnerabilities
16542| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
16543| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
16544| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
16545| [801284] Apache Derby Information Disclosure Vulnerability
16546| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
16547| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
16548| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
16549| [800680] Apache APR Version Detection
16550| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
16551| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
16552| [800677] Apache Roller Version Detection
16553| [800279] Apache mod_jk Module Version Detection
16554| [800278] Apache Struts Cross Site Scripting Vulnerability
16555| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
16556| [800276] Apache Struts Version Detection
16557| [800271] Apache Struts Directory Traversal Vulnerability
16558| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
16559| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
16560| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
16561| [103122] Apache Web Server ETag Header Information Disclosure Weakness
16562| [103074] Apache Continuum Cross Site Scripting Vulnerability
16563| [103073] Apache Continuum Detection
16564| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
16565| [101023] Apache Open For Business Weak Password security check
16566| [101020] Apache Open For Business HTML injection vulnerability
16567| [101019] Apache Open For Business service detection
16568| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
16569| [100923] Apache Archiva Detection
16570| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
16571| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
16572| [100813] Apache Axis2 Detection
16573| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
16574| [100795] Apache Derby Detection
16575| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
16576| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
16577| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
16578| [100514] Apache Multiple Security Vulnerabilities
16579| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
16580| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
16581| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
16582| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
16583| [72626] Debian Security Advisory DSA 2579-1 (apache2)
16584| [72612] FreeBSD Ports: apache22
16585| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
16586| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
16587| [71512] FreeBSD Ports: apache
16588| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
16589| [71256] Debian Security Advisory DSA 2452-1 (apache2)
16590| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
16591| [70737] FreeBSD Ports: apache
16592| [70724] Debian Security Advisory DSA 2405-1 (apache2)
16593| [70600] FreeBSD Ports: apache
16594| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
16595| [70235] Debian Security Advisory DSA 2298-2 (apache2)
16596| [70233] Debian Security Advisory DSA 2298-1 (apache2)
16597| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
16598| [69338] Debian Security Advisory DSA 2202-1 (apache2)
16599| [67868] FreeBSD Ports: apache
16600| [66816] FreeBSD Ports: apache
16601| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
16602| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
16603| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
16604| [66081] SLES11: Security update for Apache 2
16605| [66074] SLES10: Security update for Apache 2
16606| [66070] SLES9: Security update for Apache 2
16607| [65998] SLES10: Security update for apache2-mod_python
16608| [65893] SLES10: Security update for Apache 2
16609| [65888] SLES10: Security update for Apache 2
16610| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
16611| [65510] SLES9: Security update for Apache 2
16612| [65472] SLES9: Security update for Apache
16613| [65467] SLES9: Security update for Apache
16614| [65450] SLES9: Security update for apache2
16615| [65390] SLES9: Security update for Apache2
16616| [65363] SLES9: Security update for Apache2
16617| [65309] SLES9: Security update for Apache and mod_ssl
16618| [65296] SLES9: Security update for webdav apache module
16619| [65283] SLES9: Security update for Apache2
16620| [65249] SLES9: Security update for Apache 2
16621| [65230] SLES9: Security update for Apache 2
16622| [65228] SLES9: Security update for Apache 2
16623| [65212] SLES9: Security update for apache2-mod_python
16624| [65209] SLES9: Security update for apache2-worker
16625| [65207] SLES9: Security update for Apache 2
16626| [65168] SLES9: Security update for apache2-mod_python
16627| [65142] SLES9: Security update for Apache2
16628| [65136] SLES9: Security update for Apache 2
16629| [65132] SLES9: Security update for apache
16630| [65131] SLES9: Security update for Apache 2 oes/CORE
16631| [65113] SLES9: Security update for apache2
16632| [65072] SLES9: Security update for apache and mod_ssl
16633| [65017] SLES9: Security update for Apache 2
16634| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
16635| [64783] FreeBSD Ports: apache
16636| [64774] Ubuntu USN-802-2 (apache2)
16637| [64653] Ubuntu USN-813-2 (apache2)
16638| [64559] Debian Security Advisory DSA 1834-2 (apache2)
16639| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
16640| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
16641| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
16642| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
16643| [64443] Ubuntu USN-802-1 (apache2)
16644| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
16645| [64423] Debian Security Advisory DSA 1834-1 (apache2)
16646| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
16647| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
16648| [64251] Debian Security Advisory DSA 1816-1 (apache2)
16649| [64201] Ubuntu USN-787-1 (apache2)
16650| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
16651| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
16652| [63565] FreeBSD Ports: apache
16653| [63562] Ubuntu USN-731-1 (apache2)
16654| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
16655| [61185] FreeBSD Ports: apache
16656| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
16657| [60387] Slackware Advisory SSA:2008-045-02 apache
16658| [58826] FreeBSD Ports: apache-tomcat
16659| [58825] FreeBSD Ports: apache-tomcat
16660| [58804] FreeBSD Ports: apache
16661| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
16662| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
16663| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
16664| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
16665| [57335] Debian Security Advisory DSA 1167-1 (apache)
16666| [57201] Debian Security Advisory DSA 1131-1 (apache)
16667| [57200] Debian Security Advisory DSA 1132-1 (apache2)
16668| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
16669| [57145] FreeBSD Ports: apache
16670| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
16671| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
16672| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
16673| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
16674| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
16675| [56067] FreeBSD Ports: apache
16676| [55803] Slackware Advisory SSA:2005-310-04 apache
16677| [55519] Debian Security Advisory DSA 839-1 (apachetop)
16678| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
16679| [55355] FreeBSD Ports: apache
16680| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
16681| [55261] Debian Security Advisory DSA 805-1 (apache2)
16682| [55259] Debian Security Advisory DSA 803-1 (apache)
16683| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
16684| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
16685| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
16686| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
16687| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
16688| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
16689| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
16690| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
16691| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
16692| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
16693| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
16694| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
16695| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
16696| [54439] FreeBSD Ports: apache
16697| [53931] Slackware Advisory SSA:2004-133-01 apache
16698| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
16699| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
16700| [53878] Slackware Advisory SSA:2003-308-01 apache security update
16701| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
16702| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
16703| [53848] Debian Security Advisory DSA 131-1 (apache)
16704| [53784] Debian Security Advisory DSA 021-1 (apache)
16705| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
16706| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
16707| [53735] Debian Security Advisory DSA 187-1 (apache)
16708| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
16709| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
16710| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
16711| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
16712| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
16713| [53282] Debian Security Advisory DSA 594-1 (apache)
16714| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
16715| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
16716| [53215] Debian Security Advisory DSA 525-1 (apache)
16717| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
16718| [52529] FreeBSD Ports: apache+ssl
16719| [52501] FreeBSD Ports: apache
16720| [52461] FreeBSD Ports: apache
16721| [52390] FreeBSD Ports: apache
16722| [52389] FreeBSD Ports: apache
16723| [52388] FreeBSD Ports: apache
16724| [52383] FreeBSD Ports: apache
16725| [52339] FreeBSD Ports: apache+mod_ssl
16726| [52331] FreeBSD Ports: apache
16727| [52329] FreeBSD Ports: ru-apache+mod_ssl
16728| [52314] FreeBSD Ports: apache
16729| [52310] FreeBSD Ports: apache
16730| [15588] Detect Apache HTTPS
16731| [15555] Apache mod_proxy content-length buffer overflow
16732| [15554] Apache mod_include priviledge escalation
16733| [14771] Apache <= 1.3.33 htpasswd local overflow
16734| [14177] Apache mod_access rule bypass
16735| [13644] Apache mod_rootme Backdoor
16736| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
16737| [12280] Apache Connection Blocking Denial of Service
16738| [12239] Apache Error Log Escape Sequence Injection
16739| [12123] Apache Tomcat source.jsp malformed request information disclosure
16740| [12085] Apache Tomcat servlet/JSP container default files
16741| [11438] Apache Tomcat Directory Listing and File disclosure
16742| [11204] Apache Tomcat Default Accounts
16743| [11092] Apache 2.0.39 Win32 directory traversal
16744| [11046] Apache Tomcat TroubleShooter Servlet Installed
16745| [11042] Apache Tomcat DOS Device Name XSS
16746| [11041] Apache Tomcat /servlet Cross Site Scripting
16747| [10938] Apache Remote Command Execution via .bat files
16748| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
16749| [10773] MacOS X Finder reveals contents of Apache Web files
16750| [10766] Apache UserDir Sensitive Information Disclosure
16751| [10756] MacOS X Finder reveals contents of Apache Web directories
16752| [10752] Apache Auth Module SQL Insertion Attack
16753| [10704] Apache Directory Listing
16754| [10678] Apache /server-info accessible
16755| [10677] Apache /server-status accessible
16756| [10440] Check for Apache Multiple / vulnerability
16757|
16758| SecurityTracker - https://www.securitytracker.com:
16759| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
16760| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
16761| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
16762| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
16763| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16764| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16765| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16766| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
16767| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
16768| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
16769| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
16770| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
16771| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
16772| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
16773| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
16774| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
16775| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
16776| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
16777| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
16778| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
16779| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
16780| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
16781| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
16782| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
16783| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
16784| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16785| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
16786| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
16787| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
16788| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
16789| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
16790| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
16791| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
16792| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
16793| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
16794| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
16795| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
16796| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
16797| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
16798| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
16799| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
16800| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
16801| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
16802| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
16803| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
16804| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
16805| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
16806| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
16807| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
16808| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
16809| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
16810| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
16811| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
16812| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
16813| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
16814| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
16815| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
16816| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
16817| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
16818| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
16819| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
16820| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
16821| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
16822| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
16823| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
16824| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
16825| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
16826| [1024096] Apache mod_proxy_http May Return Results for a Different Request
16827| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
16828| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
16829| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
16830| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
16831| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
16832| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
16833| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
16834| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
16835| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
16836| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
16837| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
16838| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
16839| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
16840| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16841| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
16842| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
16843| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
16844| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
16845| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
16846| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
16847| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
16848| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
16849| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
16850| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
16851| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
16852| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
16853| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
16854| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
16855| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
16856| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
16857| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
16858| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
16859| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
16860| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
16861| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
16862| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
16863| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
16864| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
16865| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
16866| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
16867| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
16868| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
16869| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
16870| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
16871| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
16872| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
16873| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
16874| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
16875| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
16876| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
16877| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
16878| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
16879| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
16880| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
16881| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
16882| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
16883| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
16884| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
16885| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
16886| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
16887| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
16888| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
16889| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
16890| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
16891| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
16892| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
16893| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
16894| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
16895| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
16896| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
16897| [1008920] Apache mod_digest May Validate Replayed Client Responses
16898| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
16899| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
16900| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
16901| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
16902| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
16903| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
16904| [1008030] Apache mod_rewrite Contains a Buffer Overflow
16905| [1008029] Apache mod_alias Contains a Buffer Overflow
16906| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
16907| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
16908| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
16909| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
16910| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
16911| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
16912| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
16913| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
16914| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
16915| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
16916| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
16917| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
16918| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
16919| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
16920| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
16921| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
16922| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
16923| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
16924| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
16925| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
16926| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
16927| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
16928| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
16929| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
16930| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
16931| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
16932| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
16933| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
16934| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
16935| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
16936| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
16937| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
16938| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
16939| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
16940| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
16941| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
16942| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
16943| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
16944| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16945| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
16946| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
16947| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
16948| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
16949| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
16950| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
16951| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
16952| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
16953| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
16954| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
16955| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
16956| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
16957| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
16958| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
16959| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
16960| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
16961| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
16962|
16963| OSVDB - http://www.osvdb.org:
16964| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
16965| [96077] Apache CloudStack Global Settings Multiple Field XSS
16966| [96076] Apache CloudStack Instances Menu Display Name Field XSS
16967| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
16968| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
16969| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
16970| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
16971| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
16972| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
16973| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
16974| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
16975| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
16976| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16977| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
16978| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
16979| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
16980| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
16981| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
16982| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
16983| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
16984| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
16985| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
16986| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
16987| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
16988| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
16989| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
16990| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
16991| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
16992| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
16993| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
16994| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
16995| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
16996| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
16997| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
16998| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
16999| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
17000| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
17001| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
17002| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
17003| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
17004| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
17005| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
17006| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
17007| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
17008| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
17009| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
17010| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
17011| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
17012| [94279] Apache Qpid CA Certificate Validation Bypass
17013| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
17014| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
17015| [94042] Apache Axis JAX-WS Java Unspecified Exposure
17016| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
17017| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
17018| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
17019| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
17020| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
17021| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
17022| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
17023| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
17024| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
17025| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
17026| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
17027| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
17028| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
17029| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
17030| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
17031| [93541] Apache Solr json.wrf Callback XSS
17032| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
17033| [93521] Apache jUDDI Security API Token Session Persistence Weakness
17034| [93520] Apache CloudStack Default SSL Key Weakness
17035| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
17036| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
17037| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
17038| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
17039| [93515] Apache HBase table.jsp name Parameter XSS
17040| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
17041| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
17042| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
17043| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
17044| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
17045| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
17046| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
17047| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
17048| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
17049| [93252] Apache Tomcat FORM Authenticator Session Fixation
17050| [93172] Apache Camel camel/endpoints/ Endpoint XSS
17051| [93171] Apache Sling HtmlResponse Error Message XSS
17052| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
17053| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
17054| [93168] Apache Click ErrorReport.java id Parameter XSS
17055| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
17056| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
17057| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
17058| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
17059| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
17060| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
17061| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
17062| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
17063| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
17064| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
17065| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
17066| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
17067| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
17068| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
17069| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
17070| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
17071| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
17072| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
17073| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
17074| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
17075| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
17076| [93144] Apache Solr Admin Command Execution CSRF
17077| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
17078| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
17079| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
17080| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
17081| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
17082| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
17083| [92748] Apache CloudStack VM Console Access Restriction Bypass
17084| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
17085| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
17086| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
17087| [92706] Apache ActiveMQ Debug Log Rendering XSS
17088| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
17089| [92270] Apache Tomcat Unspecified CSRF
17090| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
17091| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
17092| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
17093| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
17094| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
17095| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
17096| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
17097| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
17098| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
17099| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
17100| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
17101| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
17102| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
17103| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
17104| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
17105| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
17106| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
17107| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
17108| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
17109| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
17110| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
17111| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
17112| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
17113| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
17114| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
17115| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
17116| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
17117| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
17118| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
17119| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
17120| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
17121| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
17122| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
17123| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
17124| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
17125| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
17126| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
17127| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
17128| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
17129| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
17130| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
17131| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
17132| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
17133| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
17134| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
17135| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
17136| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
17137| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
17138| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
17139| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
17140| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
17141| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
17142| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
17143| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
17144| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
17145| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
17146| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
17147| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
17148| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
17149| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
17150| [86901] Apache Tomcat Error Message Path Disclosure
17151| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
17152| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
17153| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
17154| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
17155| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
17156| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
17157| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
17158| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
17159| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
17160| [85430] Apache mod_pagespeed Module Unspecified XSS
17161| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
17162| [85249] Apache Wicket Unspecified XSS
17163| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
17164| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
17165| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
17166| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
17167| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
17168| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
17169| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
17170| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
17171| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
17172| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
17173| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
17174| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
17175| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
17176| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
17177| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
17178| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
17179| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
17180| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
17181| [83339] Apache Roller Blogger Roll Unspecified XSS
17182| [83270] Apache Roller Unspecified Admin Action CSRF
17183| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
17184| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
17185| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
17186| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
17187| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
17188| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
17189| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
17190| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
17191| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
17192| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
17193| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
17194| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
17195| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
17196| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
17197| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
17198| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
17199| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
17200| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
17201| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
17202| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
17203| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
17204| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
17205| [80300] Apache Wicket wicket:pageMapName Parameter XSS
17206| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
17207| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
17208| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
17209| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
17210| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
17211| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
17212| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
17213| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
17214| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
17215| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
17216| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
17217| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
17218| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
17219| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
17220| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
17221| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
17222| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
17640| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
17641| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
17642| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
17643| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
17644| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
17645| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
17646| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
17647| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
17648| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
17649| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
17650| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
17651| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
17652| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
17653| [36080] Apache Tomcat JSP Examples Crafted URI XSS
17654| [36079] Apache Tomcat Manager Uploaded Filename XSS
17655| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
17656| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
17657| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
17658| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
17659| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
17660| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
17661| [34881] Apache Tomcat Malformed Accept-Language Header XSS
17662| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
17663| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
17664| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
17665| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
17666| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
17667| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
17668| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
17669| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
17670| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
17671| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
17672| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
17673| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
17674| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
17675| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
17676| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
17677| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
17678| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
17679| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
17680| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
17681| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
17682| [32724] Apache mod_python _filter_read Freed Memory Disclosure
17683| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
17684| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
17685| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
17686| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
17687| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
17688| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
17689| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
17690| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
17691| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
17692| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
17693| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
17694| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
17695| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
17696| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
17697| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
17698| [24365] Apache Struts Multiple Function Error Message XSS
17699| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
17700| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
17701| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
17702| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
17703| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
17704| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
17705| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
17706| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
17707| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
17708| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
17709| [22459] Apache Geronimo Error Page XSS
17710| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
17711| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
17712| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
17713| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
17714| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
17715| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
17716| [21021] Apache Struts Error Message XSS
17717| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
17718| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
17719| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
17720| [20439] Apache Tomcat Directory Listing Saturation DoS
17721| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
17722| [20285] Apache HTTP Server Log File Control Character Injection
17723| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
17724| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
17725| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
17726| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
17727| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
17728| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
17729| [19821] Apache Tomcat Malformed Post Request Information Disclosure
17730| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
17731| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
17732| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
17733| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
17734| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
17735| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
17736| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
17737| [18233] Apache HTTP Server htdigest user Variable Overfow
17738| [17738] Apache HTTP Server HTTP Request Smuggling
17739| [16586] Apache HTTP Server Win32 GET Overflow DoS
17740| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
17741| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
17742| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
17743| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
17744| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
17745| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
17746| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
17747| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
17748| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
17749| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
17750| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
17751| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
17752| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
17753| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
17754| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
17755| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
17756| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
17757| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
17758| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
17759| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
17760| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
17761| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
17762| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
17763| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
17764| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
17765| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
17766| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
17767| [13304] Apache Tomcat realPath.jsp Path Disclosure
17768| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
17769| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
17770| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
17771| [12848] Apache HTTP Server htdigest realm Variable Overflow
17772| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
17773| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
17774| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
17775| [12557] Apache HTTP Server prefork MPM accept Error DoS
17776| [12233] Apache Tomcat MS-DOS Device Name Request DoS
17777| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
17778| [12231] Apache Tomcat web.xml Arbitrary File Access
17779| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
17780| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
17781| [12178] Apache Jakarta Lucene results.jsp XSS
17782| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
17783| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
17784| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
17785| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
17786| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
17787| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
17788| [10471] Apache Xerces-C++ XML Parser DoS
17789| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
17790| [10068] Apache HTTP Server htpasswd Local Overflow
17791| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
17792| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
17793| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
17794| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
17795| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
17796| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
17797| [9717] Apache HTTP Server mod_cookies Cookie Overflow
17798| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
17799| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
17800| [9714] Apache Authentication Module Threaded MPM DoS
17801| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
17802| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
17803| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
17804| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
17805| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
17806| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
17807| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
17808| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
17809| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
17810| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
17811| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
17812| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
17813| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
17814| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
17815| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
17816| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
17817| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
17818| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
17819| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
17820| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
17821| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
17822| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
17823| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
17824| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
17825| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
17826| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
17827| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
17828| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
17829| [9208] Apache Tomcat .jsp Encoded Newline XSS
17830| [9204] Apache Tomcat ROOT Application XSS
17831| [9203] Apache Tomcat examples Application XSS
17832| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
17833| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
17834| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
17835| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
17836| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
17837| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
17838| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
17839| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
17840| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
17841| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
17842| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
17843| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
17844| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
17845| [7611] Apache HTTP Server mod_alias Local Overflow
17846| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
17847| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
17848| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
17849| [6882] Apache mod_python Malformed Query String Variant DoS
17850| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
17851| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
17852| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
17853| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
17854| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
17855| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
17856| [5526] Apache Tomcat Long .JSP URI Path Disclosure
17857| [5278] Apache Tomcat web.xml Restriction Bypass
17858| [5051] Apache Tomcat Null Character DoS
17859| [4973] Apache Tomcat servlet Mapping XSS
17860| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
17861| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
17862| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
17863| [4568] mod_survey For Apache ENV Tags SQL Injection
17864| [4553] Apache HTTP Server ApacheBench Overflow DoS
17865| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
17866| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
17867| [4383] Apache HTTP Server Socket Race Condition DoS
17868| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
17869| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
17870| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
17871| [4231] Apache Cocoon Error Page Server Path Disclosure
17872| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
17873| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
17874| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
17875| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
17876| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
17877| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
17878| [3322] mod_php for Apache HTTP Server Process Hijack
17879| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
17880| [2885] Apache mod_python Malformed Query String DoS
17881| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
17882| [2733] Apache HTTP Server mod_rewrite Local Overflow
17883| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
17884| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
17885| [2149] Apache::Gallery Privilege Escalation
17886| [2107] Apache HTTP Server mod_ssl Host: Header XSS
17887| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
17888| [1833] Apache HTTP Server Multiple Slash GET Request DoS
17889| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
17890| [872] Apache Tomcat Multiple Default Accounts
17891| [862] Apache HTTP Server SSI Error Page XSS
17892| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
17893| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
17894| [845] Apache Tomcat MSDOS Device XSS
17895| [844] Apache Tomcat Java Servlet Error Page XSS
17896| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
17897| [838] Apache HTTP Server Chunked Encoding Remote Overflow
17898| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
17899| [775] Apache mod_python Module Importing Privilege Function Execution
17900| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
17901| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
17902| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
17903| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
17904| [637] Apache HTTP Server UserDir Directive Username Enumeration
17905| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
17906| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
17907| [562] Apache HTTP Server mod_info /server-info Information Disclosure
17908| [561] Apache Web Servers mod_status /server-status Information Disclosure
17909| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
17910| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
17911| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
17912| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
17913| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
17914| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
17915| [376] Apache Tomcat contextAdmin Arbitrary File Access
17916| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
17917| [222] Apache HTTP Server test-cgi Arbitrary File Access
17918| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
17919| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
17920|_
445/tcp closed microsoft-ds
465/tcp open ssl/smtp Exim smtpd 4.92
17923| vulners:
17924| cpe:/a:exim:exim:4.92:
17925| CVE-2019-15846 10.0 https://vulners.com/cve/CVE-2019-15846
17926| CVE-2019-13917 10.0 https://vulners.com/cve/CVE-2019-13917
17927|_ CVE-2019-16928 7.5 https://vulners.com/cve/CVE-2019-16928
17928| vulscan: VulDB - https://vuldb.com:
17929| [141327] Exim up to 4.92.1 Backslash privilege escalation
17930| [138827] Exim up to 4.92 Expansion Code Execution
17931| [135932] Exim up to 4.92 privilege escalation
17932| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
17933|
17934| MITRE CVE - https://cve.mitre.org:
17935| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
17936| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
17937| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
17938| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
17939| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
17940| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
17941| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
17942| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
17943| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
17944| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
17945| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
17946| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
17947| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
17948| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
17949| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
17950| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
17951|
17952| SecurityFocus - https://www.securityfocus.com/bid/:
17953| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
17954| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
17955| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
17956| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
17957| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
17958| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
17959| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
17960| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
17961| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
17962| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
17963| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
17964| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
17965| [45308] Exim Crafted Header Remote Code Execution Vulnerability
17966| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
17967| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
17968| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
17969| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
17970| [17110] sa-exim Unauthorized File Access Vulnerability
17971| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
17972| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
17973| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
17974| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
17975| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
17976| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
17977| [6314] Exim Internet Mailer Format String Vulnerability
17978| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
17979| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
17980| [2828] Exim Format String Vulnerability
17981| [1859] Exim Buffer Overflow Vulnerability
17982|
17983| IBM X-Force - https://exchange.xforce.ibmcloud.com:
17984| [84758] Exim sender_address parameter command execution
17985| [84015] Exim command execution
17986| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
17987| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
17988| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
17989| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
17990| [67455] Exim DKIM processing code execution
17991| [67299] Exim dkim_exim_verify_finish() format string
17992| [65028] Exim open_log privilege escalation
17993| [63967] Exim config file privilege escalation
17994| [63960] Exim header buffer overflow
17995| [59043] Exim mail directory privilege escalation
17996| [59042] Exim MBX symlink
17997| [52922] ikiwiki teximg plugin information disclosure
17998| [34265] Exim spamd buffer overflow
17999| [25286] Sa-exim greylistclean.cron file deletion
18000| [22687] RHSA-2005:025 updates for exim not installed
18001| [18901] Exim dns_build_reverse buffer overflow
18002| [18764] Exim spa_base64_to_bits function buffer overflow
18003| [18763] Exim host_aton buffer overflow
18004| [16079] Exim require_verify buffer overflow
18005| [16077] Exim header_check_syntax buffer overflow
18006| [16075] Exim sender_verify buffer overflow
18007| [13067] Exim HELO or EHLO command heap overflow
18008| [10761] Exim daemon.c format string
18009| [8194] Exim configuration file -c command-line argument buffer overflow
18010| [7738] Exim allows attacker to hide commands in localhost names using pipes
18011| [6671] Exim "
18012| [1893] Exim MTA allows local users to gain root privileges
18013|
18014| Exploit-DB - https://www.exploit-db.com:
18015| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
18016| [15725] Exim 4.63 Remote Root Exploit
18017| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
18018| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
18019| [796] Exim <= 4.42 Local Root Exploit
18020| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
18021|
18022| OpenVAS (Nessus) - http://www.openvas.org:
18023| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
18024|
18025| SecurityTracker - https://www.securitytracker.com:
18026| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
18027| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
18028| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
18029| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
18030| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
18031| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
18032| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
18033| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
18034| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
18035| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
18036| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
18037| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
18038|
18039| OSVDB - http://www.osvdb.org:
18040| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
18041| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
18042| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
18043| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
18044| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
18045| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
18046| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
18047| [70696] Exim log.c open_log() Function Local Privilege Escalation
18048| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
18049| [69685] Exim string_format Function Remote Overflow
18050| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
18051| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
18052| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
18053| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
18054| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
18055| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
18056| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
18057| [12726] Exim -be Command Line Option host_aton Function Local Overflow
18058| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
18059| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
18060| [10032] libXpm CreateXImage Function Integer Overflow
18061| [7160] Exim .forward :include: Option Privilege Escalation
18062| [6479] Vexim COOKIE Authentication Credential Disclosure
18063| [6478] Vexim Multiple Parameter SQL Injection
18064| [5930] Exim Parenthesis File Name Filter Bypass
18065| [5897] Exim header_syntax Function Remote Overflow
18066| [5896] Exim sender_verify Function Remote Overflow
18067| [5530] Exim Localhost Name Arbitrary Command Execution
18068| [5330] Exim Configuration File Variable Overflow
18069| [1855] Exim Batched SMTP Mail Header Format String
18070|_
1167/tcp open r1soft-cdp R1Soft Continuous Data Protection Agent (name: NOTFOUND)
18072| vulscan: VulDB - https://vuldb.com:
18073| [7020] SonicWALL Continuous Data Protection 6.x 'label delAppl - Username' cross site scripting
18074| [7019] SonicWALL Continuous Data Protection 6.x 'label delAppl - Username' cross site scripting
18075| [7018] SonicWALL Continuous Data Protection 6.x 'label delAppl - Username' cross site scripting
18076| [47807] IBM Tivoli Continuous Data Protection For Files 3.1.4.0 login/FilepathLogin.html cross site scripting
18077| [139448] Magento up to 2.1.17/2.2.8/2.3.1 Metadata HTTP Request information disclosure
18078| [134515] PharStreamWrapper up to 2.1.0/3.1.0 on TYPO3 Protection Mechanism PharMetaDataInterceptor privilege escalation
18079| [134075] Symantec Endpoint Protection up to 12.1 RU6 MP9/14.2 on Mac CSV Data Injection privilege escalation
18080| [131694] Open Ticket Request System 5.0.31/6.0.13 Agent Preferences Table Data Loss denial of service
18081| [127093] VMware vSphere Data Protection up to 6.0.8/6.1.9 OS Command Injection privilege escalation
18082| [127092] VMware vSphere Data Protection up to 6.0.8/6.1.9 Java Management Client Private Key information disclosure
18083| [127091] VMware vSphere Data Protection up to 6.0.8/6.1.9 URL Open Redirect
18084| [127090] VMware vSphere Data Protection up to 6.0.8/6.1.9 Code Execution
18085| [126410] Dell EMC Integrated Data Protection Appliance 2.0/2.1/2.2 Default Credentials weak authentication
18086| [126003] Arcserve Unified Data Protection up to 6.5 Update 4 domain.jsp cross site scripting
18087| [126002] Arcserve Unified Data Protection up to 6.5 Update 4 UdpHttpService XML External Entity
18088| [126001] Arcserve Updates up to 6.5 Data Protection FullUpdateSettings.xml Update information disclosure
18089| [126000] Arcserve Unified Data Protection up to 6.5 Update 4 EdgeServiceImpl information disclosure
18090| [122759] Dell EMC Data Protection Advisor REST API XML Request XML External Entity
18091| [112246] Trend Micro Smart Protection Server up to 3.2 Database Encryption privilege escalation
18092| [108262] EMC Data Protection Advisor up to 6.2.x DPA Application Service privilege escalation
18093| [106746] EMC Data Protection Advisor 6.3.x/6.4.x Default Credentials weak authentication
18094| [103372] EMC Data Protection Advisor up to 6.3 directory traversal
18095| [103371] EMC Data Protection Advisor up to 6.3 sql injection
18096| [102062] VMware vSphere Data Protection 5.5.x /5.8.x/6.0.x/6.1.x Credential Storage weak encryption
18097| [102061] VMware vSphere Data Protection 5.5.x /5.8.x/6.0.x/6.1.x Deserialization privilege escalation
18098| [96089] EMC Data Protection Advisor directory traversal
18099| [94620] VMware vSphere Data Protection 5.5.x/5.8.x/6.0.x/6.1.x SSH Key weak authentication
18100| [88034] NTT DATA TERASOLUNA Server Framework up to 2.0.6.1 File Extension Protection privilege escalation
18101| [87773] Symantec Critical System Protection/Data Center Security privilege escalation
18102| [87772] Symantec Critical System Protection/Data Center Security Management Server directory traversal
18103| [87771] Symantec Critical System Protection/Data Center Security Management Server directory traversal
18104| [87770] Symantec Critical System Protection/Data Center Security Management Server sql injection
18105| [82402] SAP HANA Data Provisioning Agent privilege escalation
18106| [82401] SAP HANA Data Provisioning Agent Crash denial of service
18107| [81029] IBM Tivoli Storage Manager for Virtual Environments Data Protection URL privilege escalation
18108| [80028] IBM Tivoli Storage Manager for Virtual Environments up to 7.1 Data Protection Extension information disclosure
18109| [80027] IBM Tivoli Storage Manager for Virtual Environments up to 7.1 Data Protection Extension Command privilege escalation
18110| [68961] VMware vSphere Data Protection up to 5.5.8/5.7 SSL Certificate weak authentication
18111| [68049] VMware vSphere Data Protection up to 5.5.6 Java API Password information disclosure
18112| [66792] IBM Tivoli Storage FlashCopy Manager Data Protection unknown vulnerability
18113| [12322] Symantec Endpoint Protection Manager 11/12 SQL Database sql injection
18114| [11280] EMC Data Protection Manager Appliance 3.2.4.1/3.5 cross site scripting
18115| [11279] EMC Data Protection Manager Appliance 3.2.4.1/3.5 SSL/TLS Handshake NULL Pointer Dereference privilege escalation
18116| [10317] Apple iOS up to 6.1.4 Data Protection weak authentication
18117| [63257] EMC Data Protection Advisor up to 5.8 directory traversal
18118| [6966] RSA Data Protection Manager Appliance up to 3.2 cross site scripting
18119| [6965] RSA Data Protection Manager Appliance up to 3.2 Account weak authentication
18120| [6353] Apple iOS up to 5.1.1 Mail Attachment Data Protection weak authentication
18121| [60617] EMC Data Protection Advisor up to 5.5 Integer denial of service
18122| [60616] EMC Data Protection Advisor up to 5.5 DPA_Utilities.cProcessAuthenticationData denial of service
18123| [44781] IBM Tivoli Storage Manager Client up to 5.4.1.1 Data Protection dsmcat.exe memory corruption
18124| [37778] McAfee ePolicy Orchestrator/ProtectionPilot Management Agent Integer memory corruption
18125| [37777] McAfee ePolicy Orchestrator/ProtectionPilot Management Agent Heap-based memory corruption
18126| [37776] McAfee ePolicy Orchestrator/ProtectionPilot Management Agent Stack-based memory corruption
18127| [37775] McAfee ePolicy Orchestrator/ProtectionPilot Management Agent Stack-Based memory corruption
18128| [3034] Oracle Database 10.2.1/10.2.2/10.2.3 Intelligent Agent denial of service
18129|
18130| MITRE CVE - https://cve.mitre.org:
18131| [CVE-2009-1334] Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter.
18132| [CVE-2007-5819] IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.
18133| [CVE-2006-4128] Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message.
18134| [CVE-2006-3457] Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.
18135| [CVE-2013-4869] Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and the IM & Presence Service in Cisco Unified Presence Server through 9.1(2) use the same CTI and database-encryption key across different customers' installations, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key, aka Bug IDs CSCsc69187 and CSCui01756. NOTE: the vendor has provided a statement that the "hard-coded static encryption key is considered a hardening issue rather than a vulnerability, and as such, has a CVSS score of 0/0."
18136| [CVE-2013-1196] The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Directory Agent, Application Networking Manager (ANM), Prime Network Control System, Prime LAN Management Solution (LMS), Prime Collaboration, Unified Provisioning Manager, Network Services Manager, Prime Data Center Network Manager (DCNM), and Quad does not properly validate input, which allows local users to obtain root privileges via unspecified vectors, aka Bug IDs CSCug29384, CSCug13866, CSCug29400, CSCug29406, CSCug29411, CSCug29413, CSCug29416, CSCug29418, CSCug29422, CSCug29425, and CSCug29426, a different issue than CVE-2013-1125.
18137| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
18138| [CVE-2013-0284] Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communicating with servers operated by New Relic, which allows remote attackers to obtain sensitive information (database credentials and SQL statements) by sniffing the network and deserializing the data.
18139| [CVE-2012-5851] html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a crafted string, aka rdar problem 12019108.
18140| [CVE-2012-4616] Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecified vectors.
18141| [CVE-2012-4613] EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 does not properly restrict the number of authentication attempts by a user account, which makes it easier for local users to bypass intended access restrictions via a brute-force attack.
18142| [CVE-2012-4612] Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
18143| [CVE-2012-4588] McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1 record all invalid usernames presented in failed login attempts, and place them on a list of accounts that an administrator may wish to unlock, which allows remote attackers to cause a denial of service (excessive list size in the EMM Database) via a long sequence of login attempts with different usernames.
18144| [CVE-2012-4559] Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
18145| [CVE-2012-3888] The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data.
18146| [CVE-2012-3746] UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem.
18147| [CVE-2012-3734] Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
18148| [CVE-2012-3731] Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors.
18149| [CVE-2012-2191] IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
18150| [CVE-2012-2006] Unspecified vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to modify data or cause a denial of service via unknown vectors.
18151| [CVE-2012-1462] The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file containing an invalid block of data at the beginning. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ZIP parser implementations.
18152| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
18153| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
18154| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
18155| [CVE-2012-0407] Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
18156| [CVE-2012-0406] The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password.
18157| [CVE-2012-0289] Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
18158| [CVE-2011-4061] Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header.
18159| [CVE-2011-2397] The Agent service in Iron Mountain Connected Backup 8.4 allows remote attackers to execute arbitrary code via a crafted opcode 13 request that triggers use of the LaunchCompoundFileAnalyzer class to send request data to the System.getRunTime.exec method.
18160| [CVE-2011-2201] The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
18161| [CVE-2011-1742] EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information by reading this file.
18162| [CVE-2011-1718] The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 before SP3 CR2 does not properly handle multi-line headers, which allows remote authenticated users to conduct impersonation attacks and gain privileges via crafted data.
18163| [CVE-2011-1433] The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.
18164| [CVE-2011-1420] EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
18165| [CVE-2011-0994] Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.
18166| [CVE-2010-5162] ** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute.
18167| [CVE-2010-4413] Unspecified vulnerability in the Scheduler Agent component in Oracle Database Server 11.1.0.7 and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
18168| [CVE-2010-3870] The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
18169| [CVE-2010-3389] The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
18170| [CVE-2010-3261] Directory traversal vulnerability in RSA Authentication Agent 7.0 before P2 for Web allows remote attackers to read unspecified data via unknown vectors.
18171| [CVE-2010-3073] SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
18172| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
18173| [CVE-2009-5117] The Web Post Protection feature in McAfee Host Data Loss Prevention (DLP) 3.x before 3.0.100.10 and 9.x before 9.0.0.422, when HTTP Capture mode is enabled, allows local users to obtain sensitive information from web traffic by reading unspecified files.
18174| [CVE-2009-4326] The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
18175| [CVE-2009-3027] VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5
18176| [CVE-2009-2752] IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
18177| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
18178| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
18179| [CVE-2008-5099] Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through 1.0.3 displays the value of the OpenBoot PROM (OBP) security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l" command, a different vulnerability than CVE-2008-4992.
18180| [CVE-2008-4801] Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM)
18181| [CVE-2008-3684] Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service in the server in EMC Documentum ApplicationXtender Workflow, possibly 5.40 SP1 and earlier, allows remote attackers to execute arbitrary code via crafted packet data to TCP port 2606.
18182| [CVE-2008-2122] IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from closed sockets.
18183| [CVE-2008-2026] Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in RSA Authentication Agent 5.3.0.258, and other versions before 5.3.3.378, allows remote attackers to inject arbitrary web script or HTML via a URL-encoded postdata parameter. NOTE: this is different than CVE-2005-1118, but it might be the same as CVE-2008-1470.
18184| [CVE-2008-1855] FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
18185| [CVE-2008-1470] Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID RSA Authentication Agent 5.3, and possibly earlier, allows remote attackers to conduct cross-site scripting (XSS) attacks via the postdata parameter, due to an incomplete fix for CVE-2005-1118.
18186| [CVE-2008-1438] Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
18187| [CVE-2007-5502] The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness.
18188| [CVE-2007-5282] Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library Standard and Web Edition 04-00 and 04-01, might allow remote attackers to cause a denial of service (agent process crash) via invalid data from clients other than Cosminexus Manager.
18189| [CVE-2007-3825] Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve products, and BrightStor Enterprise Backup, allow remote attackers to execute arbitrary code by sending certain data to unspecified RPC procedures.
18190| [CVE-2007-3216] Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2) rxsSetUserInfo, (3) rxsRenameUser, (4) rxsSetMessageLogSettings, (5) rxsExportData, (6) rxsSetServerOptions, (7) rxsRenameFile, (8) rxsACIManageSend, (9) rxsExportUser, (10) rxsImportUser, (11) rxsMoveUserData, (12) rxsUseLicenseIni, (13) rxsLicGetSiteId, (14) rxsGetLogFileNames, (15) rxsGetBackupLog, (16) rxsBackupComplete, (17) rxsSetDataProtectionSecurityData, (18) rxsSetDefaultConfigName, (19) rxsGetMessageLogSettings, (20) rxsHWDiskGetTotal, (21) rxsHWDiskGetFree, (22) rxsGetSubDirs, (23) rxsGetServerDBPathName, (24) rxsSetServerOptions, (25) rxsDeleteFile, (26) rxsACIManageSend, (27) rxcReadBackupSetList, (28) rxcWriteConfigInfo, (29) rxcSetAssetManagement, (30) rxcWriteFileListForRestore, (31) rxcReadSaveSetProfile, (32) rxcInitSaveSetProfile, (33) rxcAddSaveSetNextAppList, (34) rxcAddSaveSetNextFilesPathList, (35) rxcAddNextBackupSetIncWildCard, (36) rxcGetRevisions, (37) rxrAddMovedUser, (38) rxrSetClientVersion, or (39) rxsSetDataGrowthScheduleAndFilter commands.
18191| [CVE-2007-2385] The Yahoo! UI framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18192| [CVE-2007-2384] The Script.aculo.us framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18193| [CVE-2007-2383] The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18194| [CVE-2007-2382] The Moo.fx framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18195| [CVE-2007-2381] The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18196| [CVE-2007-2380] The Microsoft Atlas framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18197| [CVE-2007-2379] The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18198| [CVE-2007-2378] The Google Web Toolkit (GWT) framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18199| [CVE-2007-2377] The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18200| [CVE-2007-2376] The Dojo framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
18201| [CVE-2007-2136] Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed.
18202| [CVE-2007-2109] Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a race condition in the RLMGR_TRUNCATE_MAINT trigger in the Rules Manager and Expression Filter components changing the AUTHID of a package from DEFINER to CURRENT_USER after a TRUNCATE call, and DB06 is for SQL injection in the DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER procedure, which is later passed to the DBMS_APPLY_ADM_INTERNAL.ALTER_APPLY procedure, aka "Oracle Streams".
18203| [CVE-2007-0695] Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
18204| [CVE-2007-0169] Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allow remote attackers to execute arbitrary code via RPC requests with crafted data for opnums (1) 0x2F and (2) 0x75 in the (a) Message Engine RPC service, or opnum (3) 0xCF in the Tape Engine service.
18205| [CVE-2007-0168] The Tape Engine service in Computer Associates (CA) BrightStor ARCserve Backup 9.01 through 11.5, Enterprise Backup 10.5, and CA Server/Business Protection Suite r2 allows remote attackers to execute arbitrary code via certain data in opnum 0xBF in an RPC request, which is directly executed.
18206| [CVE-2007-0068] IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
18207| [CVE-2006-7037] Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known password, (2) modify timestamps to avoid detection of modifications, (3) remove locks by removing the "is-locked" attribute, and (4) view locked data, which is stored in plaintext.
18208| [CVE-2006-6476] FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation).
18209| [CVE-2006-5274] Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
18210| [CVE-2006-5273] Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.
18211| [CVE-2006-5272] Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.
18212| [CVE-2006-5271] Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.
18213| [CVE-2006-4430] The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.
18214| [CVE-2006-4201] Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent via unspecified vectors related to authentication and input validation.
18215| [CVE-2006-1872] Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07.
18216| [CVE-2006-0960] uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresponsiveness) via crafted datagrams to UDP port 7778.
18217| [CVE-2005-4737] IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared.
18218| [CVE-2005-4726] MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain.
18219| [CVE-2005-4525] SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch.
18220| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
18221| [CVE-2005-3886] Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.
18222| [CVE-2005-3441] Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14.
18223| [CVE-2005-3390] The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
18224| [CVE-2005-3105] The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.
18225| [CVE-2005-3048] Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
18226| [CVE-2005-3010] Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php.
18227| [CVE-2005-2711] ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.
18228| [CVE-2005-1471] Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data.
18229| [CVE-2005-1118] Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter.
18230| [CVE-2005-0082] The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote attackers to cause a denial of service (crash) via invalid parameters to the WebDAV handler code, which triggers a null dereference that causes the SAP DB Web Agent to crash.
18231| [CVE-2005-0039] Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.
18232| [CVE-2004-2357] The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.
18233| [CVE-2004-1112] The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
18234| [CVE-2003-1449] Aladdin Knowledge Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection.
18235| [CVE-2003-0449] Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in _proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
18236| [CVE-2003-0130] The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
18237| [CVE-2002-1230] NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
18238| [CVE-2001-0903] Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication.
18239| [CVE-2001-0107] Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang.
18240| [CVE-2000-1244] Computer Associates InoculateIT Agent for Exchange Server does not recognize an e-mail virus attachment if the SMTP header is missing the "From" field, which allows remote attackers to bypass virus protection.
18241| [CVE-1999-1404] IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.
18242|
18243| SecurityFocus - https://www.securityfocus.com/bid/:
18244| [56601] Dell SonicWALL Continuous Data Protection (CDP) Multiple HTML Injection Vulnerabilities
18245| [34513] IBM Tivoli Continuous Data Protection for Files Cross Site Scripting Vulnerability
18246| [26293] IBM Tivoli Continuous Data Protection for Files Insecure Default Permissions Vulnerability
18247| [103376] EMC Data Protection Advisor Local Hardcoded Credentials Information Disclosure Vulnerability
18248| [102363] VMware vSphere Data Protection CVE-2017-15549 Arbitrary File Upload Vulnerability
18249| [102358] VMware vSphere Data Protection CVE-2017-15550 Directory Traversal Vulnerability
18250| [102352] VMware vSphere Data Protection CVE-2017-15548 Authentication Bypass Vulnerability
18251| [101008] EMC Data Protection Advisor CVE-2017-10955 Remote Command Injection Vulnerability
18252| [100846] EMC Data Protection Advisor CVE-2017-8013 Hardcoded Password Information Disclosure Vulnerability
18253| [99487] EMC Data Protection Advisor Directory Traversal and SQL Injection Vulnerabilities
18254| [98939] VMware vSphere Data Protection CVE-2017-4914 Command Execution Vulnerability
18255| [98936] VMware vSphere Data Protection CVE-2017-4917 Information Disclosure Vulnerability
18256| [97156] PuTTY 'ssh_agent_channel_data()' Function Integer Overflow Vulnerability
18257| [95833] EMC Data Protection Advisor CVE-2016-8211 Directory Traversal Vulnerability
18258| [94990] VMware vSphere Data Protection CVE-2016-7456 Authentication Bypass Vulnerability
18259| [74845] Arcserve Unified Data Protection CVE-2015-4068 Multiple Directory Traversal Vulnerabilities
18260| [74838] Arcserve Unified Data Protection CVE-2015-4069 Multiple Information Disclosure Vulnerabilities
18261| [72367] VMware vSphere Data Protection CVE-2014-4632 Certificate Validation Security Bypass Vulnerability
18262| [70709] VMware vSphere Data Protection CVE-2014-4624 Information Disclosure Vulnerability
18263| [68228] EMC RSA BSAFE Toolkits and RSA Data Protection Manager Predictable Random Number Generator Weakness
18264| [68198] G Data Total Protection CVE-2014-3752 Local Arbitrary Code Execution Vulnerability
18265| [63867] EMC RSA Data Protection Manager Appliance CVE-2013-3288 Cross Site Scripting Vulnerability
18266| [57046] EMC Data Protection Advisor CVE-2012-4616 Directory Traversal Vulnerability
18267| [56740] Safend Data Protector Agent Multiple Local Security Vulnerabilities
18268| [56508] EMC RSA Data Protection Manager CVE-2012-4613 Authentication Bypass Vulnerability
18269| [56506] EMC RSA Data Protection Manager CVE-2012-4612 Cross Site Scripting Vulnerability
18270| [53164] RETIRED: EMC Data Protection Advisor Multiple Denial of Service Vulnerabilities
18271| [52833] EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability
18272| [48912] EMC Data Protection Advisor Account Credentials Local Information Disclosure Vulnerability
18273| [47036] EMC Data Protection Advisor Collector for Solaris SPARC Insecure File Permissions Vulnerability
18274| [45845] Oracle Database Server CVE-2010-4413 Remote Scheduler Agent Vulnerability
18275| [19495] HP OpenView Storage Data Protector Backup Agent Remote Arbitrary Command Execution Vulnerability
18276| [19248] Symantec On-Demand Protection Encrypted Data Information Disclosure Vulnerability
18277| [15977] Sygate Protection Agent Local Unauthorized Access Vulnerability
18278| [11659] Cisco Security Agent Buffer Overflow Protection Bypass Vulnerability
18279| [7915] Progress Database DBAgent InstallDir Local Privilege Elevation Vulnerability
18280| [3722] Microsoft Excel Spreadsheet Data Password Protection Bypass Vulnerability
18281|
18282| IBM X-Force - https://exchange.xforce.ibmcloud.com:
18283| [49872] IBM Tivoli Continuous Data Protection for Files reason parameter cross-site scripting
18284| [38215] IBM Tivoli Continuous Data Protection for Files weak security
18285| [80810] EMC Data Protection Advisor Web UI directory traversal
18286| [80521] Safend Data Protector Agent service paths privilege escalation
18287| [80519] Wave Safend Data Protector Agent log file information disclosure
18288| [80059] EMC RSA Data Protection Manager security bypass
18289| [80058] RSA Data Protection Manager cross-site scripting
18290| [75315] HP Insight Management Agents data manipulation
18291| [74484] EMC Data Protection Advisor DPA denial of service
18292| [74482] EMC Data Protection Advisor DPA denial of service
18293| [68873] EMC Data Protection Advisor credentials information disclosure
18294| [66323] EMC Data Protection Advisor Collector permissions privilege escalation
18295| [64759] Oracle Database Scheduler Agent unspecified
18296| [64414] OCF Resource Agents SAPDatabase privilege escalation
18297| [42108] Microsoft Malware Protection Engine data structure denial of service
18298| [32928] Agent Manager database connection failure
18299| [28348] HP OpenView Storage Data Protector Backup Agent command execution
18300| [23730] Sygate Protection Agent smcgui.exe gain access
18301| [22775] IBM DB2 Universal Database db2agents denial of service
18302| [20098] RSA Authentication Agent postdata parameter cross-site scripting
18303| [18037] Cisco Security Agent (CSA) bypass buffer overflow protection
18304| [12301] Progress Database _dbagent allows attacker to gain privileges
18305| [5457] Sniffer Agent transfers data in plaintext
18306|
18307| Exploit-DB - https://www.exploit-db.com:
18308| [30211] EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet RCE
18309| [18688] EMC Data Protection Advisor 5.8.1 - Denial of Service
18310| [31131] PK-Designs PKs Movie Database 3.0.3 'index.php' SQL Injection and Cross-Site Scripting Vulnerabilities
18311| [31082] Liferay Enterprise Portal 4.3.6 User-Agent HTTP Header Cross Site Scripting Vulnerability
18312| [31050] Firebird <= 2.0.3 Relational Database 'protocol.cpp' XDR Protocol Remote Memory Corruption Vulnerability
18313| [31010] Oracle Database 10 g XML DB XDB.XDB_PITRIG_PKG Package PITRIG_TRUNCATE Function Overflow
18314| [30809] Sentinel Protection Server 7.x/Keys Server 1.0.3 Directory Traversal Vulnerability
18315| [30773] Microsoft Jet Database Engine MDB File Parsing Remote Buffer Overflow Vulnerability
18316| [30746] Computer Associates SiteMinder Web Agent Smpwservices.FCC Cross Site Scripting Vulnerability
18317| [30599] WebBatch webbatch.exe dumpinputdata Variable Remote Information Disclosure
18318| [30567] Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
18319| [30493] Microsoft XML Core Services <= 6.0 SubstringData Integer Overflow Vulnerability
18320| [30469] Red Hat CloudForms Management Engine 5.1 - agent/linuxpkgs Path Traversal
18321| [30295] Oracle Database SQL Compiler Views Unauthorized Manipulation
18322| [30224] Ingress Database Server 2.6 - Multiple Remote Vulnerabilities
18323| [30163] Blue Coat Systems K9 Web Protection 32.36 Remote Buffer Overflow Vulnerability
18324| [30153] My Databook diary.php year Parameter XSS
18325| [30152] My Databook diary.php delete Parameter SQL Injection
18326| [30039] Multiple Personal Firewall Products - Local Protection Mechanism Bypass Vulnerability
18327| [30024] LibEXIF 0.6.x - Exif_Data_Load_Data_Entry Remote Integer Overflow Vulnerability
18328| [30008] Cisco Prime Data Center Network Manager - Arbitrary File Upload
18329| [29978] Campsite 2.6.1 DatabaseObject.php g_documentRoot Parameter Remote File Inclusion
18330| [29970] Campsite 2.6.1 ArticleData.php g_documentRoot Parameter Remote File Inclusion
18331| [29931] ManageEngine Password Manager Pro Build 5401 Database Remote Unauthorized Access Vulnerability
18332| [29920] Uptime Agent 5.0.1 - Stack Overflow Vulnerability
18333| [29866] PHP-Nuke 8.0 .3.3b SQL Injection Protection Bypass and Multiple SQL Injection Vulnerabilities
18334| [29860] ZoneAlarm 6.1.744.001/6.5.737.000 Vsdatant.SYS Driver Local Denial of Service Vulnerability
18335| [29812] DesktopCentral AgentLogUpload Arbitrary File Upload
18336| [29767] Zyxel Router 3.40 Zynos SMB Data Handling Denial of Service Vulnerability
18337| [29695] Comodo Firewall Pro 2.4.x - Local Protection Mechanism Bypass Vulnerability
18338| [29653] Active Calendar 1.2 data/mysqlevents.php css Parameter XSS
18339| [29652] Active Calendar 1.2 data/y_3.php css Parameter XSS
18340| [29651] Active Calendar 1.2 data/y_2.php css Parameter XSS
18341| [29650] Active Calendar 1.2 data/m_4.php css Parameter XSS
18342| [29649] Active Calendar 1.2 data/m_3.php css Parameter XSS
18343| [29648] Active Calendar 1.2 data/m_2.php css Parameter XSS
18344| [29647] Active Calendar 1.2 data/js.php css Parameter XSS
18345| [29646] Active Calendar 1.2 data/flatevents.php css Parameter XSS
18346| [29567] Adobe ColdFusion 6/7 User_Agent Error Page Cross-Site Scripting Vulnerability
18347| [29078] 20/20 Applications Data Shed 1.0 listings.asp Multiple Parameter SQL Injection
18348| [29077] 20/20 Applications Data Shed 1.0 f-email.asp itemID Parameter SQL Injection
18349| [29054] Image gallery with Access Database default.asp Multiple Parameter SQL Injection
18350| [29053] Image gallery with Access Database dispimage.asp id Parameter SQL Injection
18351| [28973] HP Data Protector Cell Request Service Buffer Overflow
18352| [28968] Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow
18353| [28899] NewP News Publishing System 1.0 Class.Database.PHP Remote File Include Vulnerability
18354| [28872] Actionpoll 1.1.1 db/PollDB.php CONFIG_DATAREADERWRITER Parameter Remote File Inclusion
18355| [28871] Actionpoll 1.1.1 db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion
18356| [28809] HP LoadRunner magentproc.exe Overflow
18357| [28464] VisualShapers EzContents 2.0.3 Headeruserdata.PHP SQL Injection Vulnerability
18358| [28416] Mambo EstateAgent 1.0.2 Component mosConfig_absolute_path Remote File Include Vulnerability
18359| [28334] Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
18360| [28332] Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
18361| [28303] X-Scripts X-Protection 1.10 Protect.PHP SQL Injection Vulnerability
18362| [28244] Microsoft Internet Explorer 6.0 DataSourceControl Denial of Service Vulnerability
18363| [28196] Microsoft Internet Explorer 6.0 DirectAnimation.DAUserData Denial of Service Vulnerability
18364| [28194] Microsoft Internet Explorer 6 RDS.DataControl Denial of Service Vulnerability
18365| [28175] Sophos Web Protection Appliance - Multiple Vulnerabilities
18366| [28097] Dating Agent 4.7.1 - Multiple Input Validation Vulnerabilities
18367| [27764] LibTiff 3.x TIFFFetchData Integer Overflow Vulnerability
18368| [27704] Cogent DataHub HTTP Server Buffer Overflow
18369| [27400] HP Data Protector Arbitrary Remote Command Execution
18370| [27271] HP Data Protector CMD Install Service Vulnerability (msf)
18371| [27140] Exiv2 - Corrupted EXIF Data Denial of Service Vulnerability
18372| [27093] EZDatabase 2.1.1 Index.PHP Cross-Site Scripting Vulnerability
18373| [27090] CounterPath eyeBeam 1.1 build 3010n SIP Header Data Remote Buffer Overflow Vulnerability (2)
18374| [27089] CounterPath eyeBeam 1.1 build 3010n SIP Header Data Remote Buffer Overflow Vulnerability (1)
18375| [27080] EZDatabaseRemote 2.0 PHP Script Code Execution Vulnerability
18376| [26990] MyBB 1.0 Globa.PHP Cookie Data SQL Injection Vulnerability
18377| [26984] IceWarp Universal WebMail /mail/include.html - Crafted HTTP_USER_AGENT Arbitrary File Access
18378| [26854] ezDatabase 2.1.2 index.php db_id Parameter SQL Injection
18379| [26853] ezDatabase 2.1.2 index.php p Parameter Local File Inclusion
18380| [26551] OTRS 2.0 AgentTicketPlain Action Multiple Parameter SQL Injection
18381| [26505] Codegrrl Protection.PHP Unspecified Code Execution Vulnerability
18382| [26445] Comersus BackOffice 4.x/5.0/6.0 /comersus/database/comersus.mdb Direct Request Database Disclosure
18383| [26398] RSA ACE Agent 5.x Image Cross-Site Scripting Vulnerability
18384| [26393] phpMyAdmin 2.x server_databases.php XSS
18385| [26311] IceWarp Web Mail 5.5.1 calendar_w.html createdataCX Parameter XSS
18386| [26310] IceWarp Web Mail 5.5.1 calendar_m.html createdataCX Parameter XSS
18387| [26309] IceWarp Web Mail 5.5.1 calendar_d.html createdataCX Parameter XSS
18388| [26271] Apple Safari 1.x/2.0.1 Data URI Memory Corruption Vulnerability
18389| [26097] Jax PHP Scripts 1.0/1.34/2.14/3.31 jnl_records User Database Disclosure
18390| [26058] MySQL AB Eventum 1.x get_jsrs_data.php F Parameter XSS
18391| [26035] Advanced Guestbook 2.2/2.3 User-Agent HTML Injection Vulnerability
18392| [25848] PAFaq beta4 Database Unauthorized Access Vulnerability
18393| [25752] PHPMailer 1.7 Data() Function Remote Denial of Service Vulnerability
18394| [25661] Keyvan1 ImageGallery Database Download Vulnerability
18395| [25613] Oracle 9i/10g Database Fine Grained Audit Logging Failure Vulnerability
18396| [25550] Claroline 1.5/1.6 user_access_details.php data Parameter XSS
18397| [25453] Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (2)
18398| [25452] Oracle 10g Database SUBSCRIPTION_NAME Remote SQL Injection Vulnerability (1)
18399| [25421] RSA Security RSA Authentication Agent For Web 5.2 - Remote Cross-Site Scripting Vulnerability
18400| [25397] Oracle Database 10.1 MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability
18401| [25396] Oracle 8.x/9.x/10.x Database Multiple SQL Injection Vulnerabilities
18402| [25252] betaparticle blog 2.0/3.0 dbBlogMX.mdb Direct Request Database Disclosure
18403| [25237] RunCMS 1.1 Database Configuration Information Disclosure Vulnerability
18404| [25195] Oracle Database 8i/9i Multiple Remote Directory Traversal Vulnerabilities
18405| [25119] BibORB 1.3.2 Add Database Description Parameter XSS
18406| [25100] CitrusDB 0.3.6 uploadcc.php Arbitrary Database Injection
18407| [25099] CitrusDB 0.3.6 importcc.php Arbitrary Database Injection
18408| [25072] CitrusDB 0.1/0.2/0.3 Credit Card Data Remote Information Disclosure Vulnerability
18409| [25053] Siteman 1.1 User Database Privilege Escalation Vulnerability (2)
18410| [25052] Siteman 1.1 User Database Privilege Escalation Vulnerability (1)
18411| [24932] Sophos Web Protection Appliance 3.7.8.1 - Multiple Vulnerabilities
18412| [24678] IBM DB2 Universal Database Information Disclosure Vulnerability
18413| [24567] Oracle Database Server 8.1.7/9.0.x ctxsys.driload Access Validation Vulnerability
18414| [24533] RTTucson Quotations Database Script (Auth Bypass) SQL Injection Vulnerability
18415| [24522] RTTucson Quotations Database - Multiple Vulnerabilities
18416| [24444] DataLife Engine preview.php PHP Code Injection
18417| [24438] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability
18418| [24397] Compulsive Media CNU5 News.mdb Database Disclosure Vulnerability
18419| [24385] Zixforum ZixForum.mdb Database Disclosure Vulnerability
18420| [24384] PHP-Fusion Database Backup Information Disclosure Vulnerability
18421| [24362] Internet Security Systems BlackICE PC Protection 3.6 Firewall.INI Local Buffer Overrun Vulnerability
18422| [24335] Oracle9i Database Default Library Directory Privilege Escalation Vulnerability
18423| [24317] XLineSoft ASPRunner 1.0/2.x Database Direct Request Information Disclosure
18424| [24195] WinAgents TFTP Server 3.0 - Remote Buffer Overrun Vulnerability
18425| [24165] Firebird 1.0 - Remote Pre-Authentication Database Name Buffer Overrun Vulnerability
18426| [24069] Microsoft Internet Explorer 6.0 Meta Data Foreign Domain Spoofing Vulnerability
18427| [24039] NewsTraXor Website Management Script 2.9 beta Database Disclosure Vulnerability
18428| [23902] Roger Wilco Server 1.4.1 UDP Datagram Handling Denial of Service Vulnerability
18429| [23656] Oracle 9.x Database Parameter/Statement Buffer Overflow Vulnerabilities
18430| [23649] Microsoft SQL Server Database Link Crawling Command Execution
18431| [23598] IBM Net.Data 7.0/7.2 db2www Error Message Cross-Site Scripting Vulnerability
18432| [23584] McAfee ePolicy Orchestrator 1.x/2.x/3.0 Agent HTTP POST Buffer Mismanagement Vulnerability
18433| [23552] Sun J2EE/RI 1.4,Sun JDK 1.4.2 JDBC Database Insecure Default Policy Vulnerabilities
18434| [23516] ASP-Nuke 1.0/1.2/1.3 - Remote User Database Access Vulnerability
18435| [23515] ASPApp PortalAPP 0 Remote User Database Access Vulnerability
18436| [23359] MyBB DyMy User Agent Plugin (newreply.php) - SQL Injection Vulnerability
18437| [23325] BRS WebWeaver 1.06 httpd `User-Agent` Remote Denial of Service Vulnerability
18438| [23323] Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day)
18439| [23290] HP Data Protector DtbClsLogin Buffer Overflow
18440| [23258] Oracle Database Server 9.0.x Oracle Binary Local Buffer Overflow Vulnerability
18441| [23228] SLocate 2.6 User-Supplied Database Heap Overflow Vulnerability
18442| [23203] IBM System Director Agent DLL Injection
18443| [23124] NullSoft Winamp 2.81/2.91/3.0/3.1 MIDI Plugin IN_MIDI.DLL Track Data Size Buffer Overflow Vulnerability
18444| [23077] MySQL (Linux) Database Privilege Elevation Zeroday Exploit
18445| [23005] FCKEditor ASP 2.6.8 - File Upload Protection Bypass
18446| [22983] HP Compaq Insight Management Agent 5.0 Format String Vulnerability
18447| [22939] GNU GNATS 3.113 .1_6 Queue-PR Database Command Line Option Buffer Overflow Vulnerability
18448| [22827] Compaq Web-Based Management Agent Remote File Verification Vulnerability
18449| [22825] Armida Databased Web Server 1.0 - Remote GET Request Denial of Service Vulnerability
18450| [22823] Compaq Web-Based Management Agent Access Violation Denial of Service Vulnerability
18451| [22822] Compaq Web-Based Management Agent Remote Stack Overflow Denial of Service Vulnerability
18452| [22787] NFR Agent FSFUI Record File Upload RCE
18453| [22775] FreeWnn 1.1.1 JServer Logging Option Data Corruption Vulnerability
18454| [22773] Progress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability
18455| [22747] MaxWebPortal 1.30 Remote Database Disclosure
18456| [22727] Computer Associates Unicenter Asset Manager Stored Secret Data Decryption Weakness
18457| [22715] WebChat 2.0 Users.PHP Database Username Disclosure Weakness
18458| [22714] Oracle Database Client System Analyzer Arbitrary File Upload
18459| [22707] Novell Groupwise Internet Agent LDAP BIND Request Overflow Vulnerability
18460| [22576] Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 Buffer Overrun Vulnerability
18461| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
18462| [22531] SAP Database 7.3/7.4 SDBINST Race Condition Vulnerability
18463| [22513] MPCSoftWeb 1.0 Database Disclosure Vulnerability
18464| [22433] Monkey HTTP Daemon 0.4/0.5/0.6 Excessive POST Data Buffer Overflow Vulnerability
18465| [22371] Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion Vulnerability
18466| [22306] HP Operations Agent Opcode coda.exe 0x34 Buffer Overflow
18467| [22305] HP Operations Agent Opcode coda.exe 0x8c Buffer Overflow
18468| [22301] Aladdin Knowledge System Ltd - PrivAgent.ocx ChooseFilePath BOF
18469| [22258] Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 - Multiple Vulnerabilities
18470| [22201] List Site Pro 2.0 User Database Delimiter Injection Vulnerability
18471| [22116] N/X Web Content Management System 2002 Prerelease 1 datasets.php c_path Parameter LFI
18472| [22069] Oracle Database Authentication Protocol Security Bypass
18473| [22058] Pserv 2.0 User-Agent HTTP Header Buffer Overflow Vulnerability (2)
18474| [22057] Pserv 2.0 User-Agent HTTP Header Buffer Overflow Vulnerability (1)
18475| [21996] Lotus Domino 5.0.8-9 Non-existent NSF Database Banner Information Disclosure
18476| [21917] BlackIce Server Protection 3.5/BlackICE Defender 2.9 Auto Block DoS Weakness
18477| [21912] Killer Protection 1.0 Information Disclosure Vulnerability
18478| [21845] Windows Escalate UAC Protection Bypass
18479| [21823] Trillian 0.74 IRC Oversized Data Block Buffer Overflow Vulnerability
18480| [21721] Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability
18481| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
18482| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
18483| [21531] Caldera OpenServer 5.0.x XSCO Color Database File Heap Overflow Vulnerability
18484| [21474] OpenBB 1.0 .0 RC3 BBCode Cross Agent HTML Injection Vulnerability
18485| [21458] grsecurity Kernel Patch 1.9.4 Linux Kernel Memory Protection Weakness
18486| [21374] IBM Informix Web Datablade 4.1x Page Request SQL Injection Vulnerability
18487| [21360] Sun Solaris 2.6/7.0/8 XSun Color Database File Heap Overflow Vulnerability
18488| [21312] ReBB 1.0 Image Tag Cross-Agent Scripting Vulnerability
18489| [21308] Snitz Forums 2000 3.0/3.1/3.3 Image Tag Cross-Agent Scripting Vulnerability
18490| [21304] Ikonboard 2.17/3.0/3.1 Image Tag Cross-Agent Scripting Vulnerability
18491| [21301] OpenBB 1.0.x Image Tag Cross-Agent Scripting Vulnerability
18492| [21209] Ultimate Bulletin Board 5.4/6.0/6.2 Cross-Agent Scripting Vulnerability
18493| [21208] YaBB 9.1.2000 Cross-Agent Scripting Vulnerability
18494| [21168] EasyNews 1.5 NewsDatabase/Template Modification Vulnerability
18495| [21160] ibm informix web datablade 3.x/4.1 - Directory Traversal vulnerability
18496| [21117] Progress Database 8.3/9.1 - Multiple Buffer Overflow Vulnerability
18497| [21029] Softek MailMarshal 4,Trend Micro ScanMail 1.0 SMTP Attachment Protection Bypass
18498| [21027] Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability
18499| [21011] 3Com SuperStack II PS Hub 40 TelnetD Weak Password Protection Vulnerability
18500| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
18501| [20867] ARCservIT 6.61/6.63 Client asagent.tmp Arbitrary File Overwrite Vulnerability
18502| [20807] datawizard webxq 2.1.204 - Directory Traversal vulnerability
18503| [20651] datawizards ftpxq 2.0.93 - Directory Traversal vulnerability
18504| [20531] IBM HTTP Server 1.3 AfpaCache/WebSphereNet.Data DoS Vulnerability
18505| [20472] IBM DB2 Universal Database for Linux 6.1/Windows NT 6.1 Known Default Password Vulnerability
18506| [20470] IBM DB2 Universal Database for Windows NT 6.1/7.1 SQL DoS Vulnerability
18507| [20457] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability
18508| [20456] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability
18509| [20451] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability
18510| [20447] WebCom datakommunikation Guestbook 0.1 rguest.exe Arbitrary File Access
18511| [20446] WebCom datakommunikation Guestbook 0.1 wguest.exe Arbitrary File Access
18512| [20441] IBM Net.Data 7.0 Path Disclosure Vulnerability
18513| [20440] "Windows 3.11/95/NT 4.0/NT 3.5.1 ""Out Of Band"" Data Denial of Service (4)"
18514| [20439] "Windows 3.11/95/NT 4.0/NT 3.5.1 ""Out Of Band"" Data Denial of Service (3)"
18515| [20438] "Windows 3.11/95/NT 4.0/NT 3.5.1 ""Out Of Band"" Data Denial of Service (2)"
18516| [20437] "Windows 3.11/95/NT 4.0/NT 3.5.1 ""Out Of Band"" Data Denial of Service (1)"
18517| [20401] Computer Associates InoculateIT 4.53 MS Exchange Agent Vulnerability
18518| [20216] Check Point Software Firewall-1 3.0/1 4.0/1 4.1 Session Agent Dictionary Attack (2)
18519| [20215] Check Point Software Firewall-1 3.0/1 4.0/1 4.1 Session Agent Dictionary Attack (1)
18520| [20214] Check Point Software Firewall-1 3.0/1 4.0 Session Agent Impersonation Vulnerability
18521| [20123] Symantec Web Gateway 5.0.3.18 (deptUploads_data.php groupid parameter) Blind SQLi
18522| [19967] Omnis Studio 2.4 Weak Database Field Encryption Vulnerability
18523| [19817] Data General DG/UX 5.4 inetd Service Exhaustion Denial of Service
18524| [19793] Magento eCommerce Local File Disclosure
18525| [19638] Microsoft SQL Server 7.0/7.0 SP1 NULL Data DoS Vulnerability
18526| [19491] BindView HackerShield 1.0/1.1 HackerShield AgentAdmin Password Vulnerability
18527| [19484] HP Data Protector Create New Folder Buffer Overflow
18528| [19461] Oracle <= 8 8.1.5 Intelligent Agent Vulnerability (2)
18529| [19460] Oracle <= 8 8.1.5 Intelligent Agent Vulnerability (1)
18530| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
18531| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
18532| [19422] BMC Software Patrol <= 3.2.5 Patrol SNMP Agent File Creation/Permission Vulnerability
18533| [19288] HP Data Protector Client EXEC_CMD Remote Code Execution
18534| [19228] Microsoft IIS 4.0,Microsoft JET 3.5/3.5.1 Database Engine VBA Vulnerability
18535| [19225] Compaq Client Management Agents 3.70/4.0,Insight Management Agents 4.21 A/4.22 A/4.30 A,Intelligent Cluster Administrator 1.0,Management Agents for Workstations 4.20 A,Server Management Agents <= 4.23,Survey Utility 2.0 Web File Access Vulnerability
18536| [19146] DataLynx suGuard 1.0 Vulnerability
18537| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
18538| [19112] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(2)
18539| [19111] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(1)
18540| [19026] Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
18541| [18916] Symantec End Point Protection 11.x & Symantec Network Access Control 11.x LCE PoC
18542| [18889] Artiphp CMS 5.5.0 Database Backup Disclosure Exploit
18543| [18728] joomla component The Estate Agent (com_estateagent) SQL injection Vulnerability
18544| [18647] PHP Grade Book 1.9.4 Unauthenticated SQL Database Export
18545| [18521] HP Data Protector 6.1 EXEC_CMD Remote Code Execution
18546| [18441] Vastal I-Tech Agent Zone (search.php) Blind SQL Injection Vulnerability
18547| [18423] HP Diagnostics Server magentservice.exe Overflow
18548| [18093] Oracle XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure Exploit
18549| [18077] hp data protector media operations <= 6.20 - Directory Traversal
18550| [18052] Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC
18551| [18015] HP Power Manager 'formExportDataLogs' Buffer Overflow
18552| [18007] Oracle DataDirect Multiple Native Wire Protocol ODBC Drivers HOST Attribute Stack Based Buffer Overflow
18553| [17884] Cogent Datahub <= 7.1.1.63 - Remote Unicode Buffer Overflow Exploit
18554| [17840] Cogent DataHub <= 7.1.1.63 Source Disclosure
18555| [17839] Cogent DataHub <= 7.1.1.63 Integer Overflow
18556| [17838] Cogent DataHub <= 7.1.1.63 Stack Overflow
18557| [17648] HP Data Protector - Remote Root Shell (Linux Version)
18558| [17614] HP Data Protector Remote Shell for HP-UX
18559| [17513] Blue Coat Authentication and Authorization Agent (BCAAA) 5 Buffer Overflow
18560| [17503] ManageEngine ServiceDesk <= 8.0.0.12 Database Disclosure Exploit
18561| [17468] HP Data Protector 6.11 Remote Buffer Overflow + DEP Bypass
18562| [17461] HP Data Protector 6.20 EXEC_CMD Buffer Overflow Vulnerability
18563| [17458] HP Data Protector 6.20 - Multiple Vulnerabilities
18564| [17434] RealWin SCADA Server DATAC Login Buffer Overflow
18565| [17417] DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
18566| [17388] trend micro data loss prevention virtual appliance 5.5 - Directory Traversal
18567| [17382] Tele Data Contact Management Server Directory Traversal
18568| [17377] Polycom IP Phone Web Interface Data Diclosure Vulnerability
18569| [17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
18570| [17374] 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow
18571| [17367] Dataface Local File Include
18572| [17352] 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
18573| [17345] HP Data Protector Client EXEC_SETUP Remote Code Execution PoC (ZDI-11-056)
18574| [17339] HP Data Protector Client EXEC_CMD Remote Code Execution PoC (ZDI-11-055)
18575| [17300] 7-Technologies IGSS <= 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow
18576| [17231] Parnian Opendata CMS SQL Injection Vulnerability
18577| [17178] Blue Hat Sensitive Database Disclosure Vulnerability SQLi
18578| [17155] Cisco Security Agent Management Console 'st_upload' RCE Exploit
18579| [17047] HP OpenView Network Node Manager getnnmdata.exe (Hostname) CGI Buffer Overflow
18580| [17042] HP OpenView Network Node Manager getnnmdata.exe (MaxAge) CGI Buffer Overflow
18581| [17040] HP OpenView Network Node Manager getnnmdata.exe (ICount) CGI Buffer Overflow
18582| [17025] DATAC RealWin Multiple Vulnerabilities
18583| [16918] Zabbix Agent net.tcp.listen Command Injection
18584| [16915] Oracle VM Server Virtual Server Agent Command Injection
18585| [16866] Safari Archive Metadata Command Execution
18586| [16843] Borland InterBase jrd8_create_database() Buffer Overflow
18587| [16838] NetSupport Manager Agent Remote Buffer Overflow
18588| [16829] Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow
18589| [16800] Streamcast <= 0.9.75 HTTP User-Agent Buffer Overflow
18590| [16783] McAfee ePolicy Orchestrator / ProtectionPilot Overflow
18591| [16765] MaxDB WebDBM Database Parameter Overflow
18592| [16611] Winamp Ultravox Streaming Metadata (in_mp3.dll) Buffer Overflow
18593| [16583] Internet Explorer Data Binding Memory Corruption
18594| [16567] Internet Explorer Tabular Data Control ActiveX Memory Corruption
18595| [16537] Microsoft OWC Spreadsheet msDataSourceObject Memory Corruption
18596| [16452] AgentX++ Master AgentX::receive_agentx Stack Buffer Overflow
18597| [16447] Borland InterBase isc_attach_database() Buffer Overflow
18598| [16440] Firebird Relational Database isc_attach_database() Buffer Overflow
18599| [16437] Borland InterBase isc_create_database() Buffer Overflow
18600| [16432] Firebird Relational Database isc_create_database() Buffer Overflow
18601| [16420] Firebird Relational Database SVC_attach() Buffer Overflow
18602| [16415] CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
18603| [16405] CA BrightStor Universal Agent Overflow
18604| [16403] CA BrightStor Agent for Microsoft SQL Overflow
18605| [16391] EMC AlphaStor Agent Buffer Overflow
18606| [16385] DATAC RealWin SCADA Server Buffer Overflow
18607| [16384] DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
18608| [16383] DATAC RealWin SCADA Server SCPC_INITIALIZE_RF Buffer Overflow
18609| [16382] DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow
18610| [16376] Novell NetIdentity Agent XTIERRPCPIPE Named Pipe Buffer Overflow
18611| [16358] Microsoft IIS ISAPI RSA WebAgent Redirect Overflow
18612| [16332] Veritas Backup Exec Windows Remote Agent Overflow
18613| [16287] Wyse Rapport Hagent Fake Hserver Command Execution
18614| [16261] PHP Exif Extension 'exif_read_data()' Function Remote DoS
18615| [16179] Rae Media Real Estate Multi Agent SQL Injection Vulnerability
18616| [16178] Rae Media Real Estate Single Agent SQL Injection Vulnerability
18617| [16139] Auto Database System 1.0 Infusion Addon SQL injection Vulnerability
18618| [16134] Model Agentur Script SQL Injection Vunerability
18619| [16128] jakcms 2.0 pro rc5 - Stored XSS via useragent http header injection
18620| [16117] Escort und Begleitservice Agentur Script SQL Injection Vunerability
18621| [16023] Panda Global Protection 2010 local Dos (unfiltered wcscpy())
18622| [16022] Panda Global Protection 2010 local Dos
18623| [15984] MS11-002: Microsoft Data Access Components Vulnerability
18624| [15940] HP Data Protector Manager 6.11 - Remote DoS in RDS Service
18625| [15937] NetSupport Manager Agent Remote Buffer Overflow
18626| [15898] Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability
18627| [15649] HP Data Protector Manager A.06.11 MMD NULL Pointer Dereference Denial of Service
18628| [15623] MemHT Portal 4.0.1 [user agent] Persistent Cross Site Scripting
18629| [15544] Web Wiz NewsPad Express Edition 1.03 Database File Disclosure Vulnerability
18630| [15464] Novell Groupwise Internet Agent IMAP LIST LSUB Command Remote Code Execution
18631| [15463] Novell Groupwise Internet Agent IMAP LIST Command Remote Code Execution
18632| [15461] G Data TotalCare 2011 0day Local Kernel Exploit
18633| [15444] G Data TotalCare 2011 NtOpenKey Race Condition Vulnerability
18634| [15378] "Sybase Advantage Data Architect - ""*.SQL"" Format Heap Oveflow"
18635| [15337] DATAC RealWin SCADA 1.06 Buffer Overflow Exploit
18636| [15307] HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS
18637| [15301] Altova DatabaseSpy 2011 Project File Handling Buffer Overflow Vulnerability
18638| [15264] PHP Hosting Directory 2.0 Database Disclosure Exploit (.py)
18639| [15260] Rocket Software UniData <= 7.2.7.3806 Denial of Service Vulnerabilities
18640| [15259] DATAC RealWin <= 2.0 (Build 6.1.8.10) Buffer Overflow Vulnerabilities
18641| [15249] Data/File upload and management Arbitrary File Upload Vulnerability
18642| [15244] Oracle Virtual Server Agent Command Injection
18643| [15214] HP Data Protector Media Operations NULL Pointer Dereference Remote DoS
18644| [15199] Cilem Haber 1.4.4 (Tr) - Database Disclosure Exploit (.py)
18645| [15056] MOAUB #20 - Java CMM readMabCurveData Stack Overflow
18646| [14974] HP Data Protector Media Operations 6.11 Multiple Modules NULL Pointer Dereference DoS
18647| [14585] kleeja 1.0.0RC6 Database Disclosure
18648| [14537] Oracle MySQL 'ALTER DATABASE' Remote Denial of Service Vulnerability
18649| [14379] Novell Groupwise Internet Agent Stack Overflow
18650| [14182] HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution
18651| [14181] HP OpenView NNM getnnmdata.exe CGI Invalid ICount Remote Code Execution
18652| [14180] HP OpenView NNM getnnmdata.exe CGI Invalid MaxAge Remote Code Execution
18653| [13886] IISWorks FileMan fileman.mdb Remote User Database Disclosure
18654| [13783] GREEZLE - Global Real Estate Agent Site Auth SQL Injection
18655| [13358] linux/x86 re-use of /bin/sh string in .rodata shellcode 16 bytes
18656| [12777] Realtor Real Estate Agent (news.php) SQL Injection Vulnerability
18657| [12773] Realtor Real Estate Agent (idproperty) SQL Injection Vulnerability
18658| [12574] Joomla Module Camp26 Visitor Data 1.1 - Remote code Execution
18659| [12274] Multiple Vendor AgentX++ Stack Buffer Overflow
18660| [12199] My School Script Data Base Download Vulnerability
18661| [12197] Mp3 MuZik Data Base Download Vulnerability
18662| [12088] Joomla Component Affiliate Feeds com_datafeeds Local File Inclusion Vulnerability
18663| [12032] Microsoft Internet Explorer Tabular Data Control ActiveX Remote Code Execution
18664| [11883] WebSiteBaker 2.8.1 DataBase Backup Disclosure
18665| [11786] Virtual PC Hypervisor Memory Protection Vulnerability
18666| [11612] osCSS 1.2.1 - Database Backups Disclosure
18667| [11611] Al Sat Scripti Database Download Vulnerability
18668| [11554] QuickDev 4 Php Database Disclosure Vulnerability
18669| [11517] Netzbrett Database Disclosure Vulnerability
18670| [11406] J.A.G (Just Another Guestbook) Database Disclosure Vulnerability
18671| [11399] myPHP Guestbook <= 2.0.4 Database Backup Dump Vulnerability
18672| [11366] Newsletter Tailor Database Backup Dump Vulnerability
18673| [11361] fipsForum 2.6 - Remote Database Disclosure Vulnerability
18674| [11344] WSN Guest Database Disclosure Vulnerability
18675| [11316] GCP 2.0 datasets provided as BioCASE web services
18676| [11142] Multiple Media Player HTTP DataHandler Overflow (Itunes, Quicktime, etc)
18677| [11116] Alwjeez Script Database Backup Exploit
18678| [11098] E-membres 1.0 - Remote Database Disclosure Vulnerability
18679| [11097] Egreetings 1.0 b - Remote Database Disclosure Vulnerability
18680| [11096] ABB 1.1 - Forum Remote Database Disclosure Vulnerability
18681| [11025] AWCM Database Disclosure Vulnerability
18682| [11023] Erolife AjxGaleri VT Database Disclosure Vulnerability
18683| [11005] KMSoft Guestbook 1.0 - Database Disclosure Vulnerability
18684| [10940] Football Pool 3.1 - Database Disclosure Vulnerability
18685| [10883] BlogWorx 1.0 Blog Database Disclosure Vulnerability
18686| [10823] UranyumSoft \xEDlan Servisi Database Disclosure Vulnerability
18687| [10796] ezscheduler Remote Database Disclosure Vulnerability
18688| [10795] ezguestbook Remote Database Disclosure Vulnerability
18689| [10794] WEB Calendar Remote Database Disclosure Vulnerability
18690| [10713] Esinti Web Design Gold Defter Database Disclosure Vulnerability
18691| [10686] CactuShop 6.0 - Database Disclosure Vulnerability
18692| [10639] Snitz Forums 2000 Database Disclosure Vulnerability
18693| [10638] Web Wiz Forums 9.64 - Database Disclosure Vulnerability
18694| [10637] Web Wiz NewsPad Database Disclosure Vulnerability
18695| [10576] Angelo-emlak 1.0 - Database Disclosure Vulnerability
18696| [10573] 8pixel.net 2009. Database Disclosure Vulnerability
18697| [10558] Toast Forums 1.8 - Database Disclosure Vulnerability
18698| [10514] dblog (dblog.mdb) Remote Database Disclosure Vulnerability
18699| [10483] GuestBookPro Script Remote Database Disclosure Vulnerability
18700| [10482] Codefixer Membership Remote Database Disclosure Vulnerability
18701| [10431] Zabbix Agent < 1.6.7 - Remote Bypass Vulnerability
18702| [10340] Multiple Symantec Products Intel Common Base Agent Remote Command Execution
18703| [10247] Micronet SP1910 Data Access Controller UI XSS & HTML Code Injection
18704| [10243] PHP MultiPart Form-Data Denial of Service PoC
18705| [10242] "PHP ""multipart/form-data"" Denial of Service Exploit (Python)"
18706| [10020] Borland InterBase 2007, 2007 sp2 jrd8_create_database Buffer Overflow
18707| [9934] Wyse Rapport Hagent Fake Hserver Command Execution
18708| [9905] Oracle Database 10.1.0.5 - 10.2.0.4 AUTH_SESSKEY length validation exploit
18709| [9681] efront <= 3.5.4 (database.php path) Remote File Inclusion Vulnerability
18710| [9572] DataLife Engine 8.2 dle_config_api Remote File Inclusion Vulnerability
18711| [9542] Linux Kernel 2.6 < 2.6.19 - (32bit) ip_append_data() ring0 Root Exploit
18712| [9493] Uebimiau Webmail 3.2.0-2.0 Arbitrary Database Disclosure Vuln
18713| [9475] asaher pro 1.0.4 - Remote Database Backup Vulnerability
18714| [9155] PHPGenealogy 2.0 (DataDirectory) RFI Vulnerability
18715| [9136] Mp3-Nator 2.0 (ListData.dat) Universal Buffer Overflow Exploit (SEH)
18716| [9115] Digitaldesign CMS 0.1 - Remote Database Disclosure Vulnerability
18717| [9073] YourTube <= 2.0 Arbitrary Database Disclosure Exploit
18718| [9007] HP Data Protector 4.00-SP1b43064 - Remote Memory Leak/Dos (meta)
18719| [9006] HP Data Protector 4.00-SP1b43064 Remote Memory Leak/Dos Exploit
18720| [8970] McAfee 3.6.0.608 naPolicyManager.dll ActiveX Arbitrary Data Write Vuln
18721| [8924] School Data Navigator (page) Local/Remote File Inclusion Vulnerability
18722| [8890] fipsCMS Light 2.1 (db.mdb) Remote Database Disclosure Vulnerability
18723| [8878] Web Directory PRO Remote Database Backup Vulnerability
18724| [8877] Host Directory PRO 2.1.0 - Remote Database Backup Vulnerability
18725| [8852] ASP Football Pool 2.3 - Remote Database Disclosure Vulnerability
18726| [8850] PAD Site Scripts 3.6 - Remote Arbitrary Database Backup Vulnerability
18727| [8849] R2 Newsletter Lite/Pro/Stats (admin.mdb) Database Disclosure Vuln
18728| [8758] ChinaGames (CGAgent.dll) ActiveX Remote Code Execution Exploit
18729| [8740] Dog Pedigree Online Database 1.0.1b Blind SQL Injection Exploit
18730| [8739] Dog Pedigree Online Database 1.0.1b Insecure Cookie Handling Vuln
18731| [8738] Dog Pedigree Online Database 1.0.1b Multiple SQL Injection Vulns
18732| [8705] DMXReady Registration Manager 1.1 Database Disclosure Vulnerability
18733| [8610] Ublog access version - Arbitrary Database Disclosure Exploit
18734| [8609] Uguestbook 1.0b (guestbook.mdb) Arbitrary Database Disclosure Exploit
18735| [8596] Winn ASP Guestbook 1.01b Remote Database Disclosure Exploit
18736| [8498] eLitius 1.0 Arbitrary Database Backup Exploit
18737| [8430] OpenBSD <= 4.5 IP datagram Null Pointer Deref DoS Exploit
18738| [8406] OpenBSD <= 4.5 (IP datagrams) Remote DoS Vulnerability
18739| [8377] Exjune Guestbook 2.0 - Remote Database Disclosure Exploit
18740| [8374] WebFileExplorer 3.1 (DB.MDB) Database Disclosure Vulnerability
18741| [8345] IBM DB2 < 9.5 pack 3a - Data Stream Denial of Service Exploit
18742| [8332] PrecisionID Datamatrix ActiveX Arbitrary File Overwrite Vuln
18743| [8281] Microsoft GdiPlus EMF GpFont.SetData Integer Overflow PoC
18744| [8073] pHNews Alpha 1 (genbackup.php) Database Disclosure Vulnerability
18745| [7991] GR Note 0.94 beta (Auth Bypass) Remote Database Backup Vulnerability
18746| [7922] Pligg 9.9.5 - CSRF Protection Bypass and Captcha Bypass
18747| [7816] DS-IPN.NET Digital Sales IPN Database Disclosure Vulnerability
18748| [7744] Virtual GuestBook 2.1 - Remote Database Disclosure Vulnerability
18749| [7741] dMx READY (25 Products) Remote Database Disclosure Vulnerability
18750| [7665] Ayemsis Emlak Pro (acc.mdb) Database Disclosure Vulnerability
18751| [7599] ForumApp 3.3 - Remote Database Disclosure Vulnerability
18752| [7534] Emefa Guestbook 3.0 - Remote Database Disclosure Vulnerability
18753| [7526] myPHPscripts Login Session 2.0 XSS/Database Disclosure Vulns
18754| [7508] QuickerSite Easy CMS (QuickerSite.mdb) Database Disclosure Vulnerability
18755| [7499] BP Blog 6.0/7.0/8.0/9.0 - Remote Database Disclosure Vulnerability
18756| [7491] Nukedit 4.9.8 - Remote Database Disclosure Vulnerability
18757| [7481] WorkSimple 1.2.1 RFI / Sensitive Data Disclosure Vulnerabilities
18758| [7472] CodeAvalanche RateMySite (CARateMySite.mdb) Database Disclosure
18759| [7471] CodeAvalanche Articles (CAArticles.mdb) Database Disclosure Vuln
18760| [7470] CodeAvalanche FreeWallpaper Remote Database Disclosure Vulnerability
18761| [7469] CodeAvalanche FreeForAll (CAFFAPage.mdb) Database Disclosure Vuln
18762| [7468] CodeAvalanche Directory (CADirectory.mdb) Database Disclosure Vuln
18763| [7466] Forest Blog 1.3.2 (blog.mdb) Remote Database Disclosure Vulnerability
18764| [7450] CodeAvalanche FreeForum (CAForum.mdb) Database Disclosure Vulnerability
18765| [7449] iyzi Forum 1.0b3 (iyziforum.mdb) Database Disclosure Vulnerability
18766| [7446] ASPired2Quote (quote.mdb) Remote Database Disclosure Vulnerability
18767| [7445] Discussion Web 4 - Remote Database Disclosure Vulnerability
18768| [7442] TmaxSoft JEUS Alternate Data Streams File Disclosure Vulnerability
18769| [7440] ColdFusion Scripts Red_Reservations Database Disclosure Vulnerability
18770| [7438] VP-ASP Shopping Cart 6.50 Database Disclosure Vulnerability
18771| [7428] The Net Guys ASPired2Protect Database Disclosure Vulnerability
18772| [7427] The Net Guys ASPired2Poll Remote Database Disclosure Vulnerability
18773| [7420] MyCal Personal Events Calendar (mycal.mdb) Database Disclosure Vuln
18774| [7419] evCal Events Calendar Database Disclosure Vulnerability
18775| [7376] QMail Mailing List Manager 1.2 Database Disclosure Vulnerability
18776| [7372] Ikon AdManager 2.1 - Remote Database Disclosure Vulnerability
18777| [7371] Professional Download Assistant 0.1 Database Disclosure Vulnerability
18778| [7370] NatterChat 1.12 (natterchat112.mdb) Database Disclosure Vulnerability
18779| [7361] ASP PORTAL (xportal.mdb) Remote Database Disclosure Vulnerability
18780| [7360] ASP AutoDealer Remote Database Disclosure Vulnerability
18781| [7359] ASPTicker 1.0 (news.mdb) Remote Database Disclosure Vulnerability
18782| [7353] Cold BBS (cforum.mdb) Remote Database Disclosure Vulnerability
18783| [7340] Easy News Content Management (News.mdb) Database Disclosure Vuln
18784| [7338] User Engine Lite ASP (users.mdb) Database Disclosure Vulnerability
18785| [7332] ASP User Engine .NET Remote Database Disclosure Vulnerability
18786| [7325] Codefixer MailingListPro (MailingList.mdb) Database Disclosure Vuln
18787| [7324] Rapid Classified 3.1 (cldb.mdb) Database Disclosure Vulnerability
18788| [7318] PacPoll 4.0 (poll.mdb/poll97.mdb) Database Disclosure Vulnerability
18789| [7316] ASPPortal 3.2.5 (ASPPortal.mdb) Database Disclosure Vulnreability
18790| [7305] KTP Computer Customer Database CMS Blind SQL Injection Vulnerability
18791| [7304] KTP Computer Customer Database CMS Local File Inclusion Vulnerability
18792| [7303] Quick Tree View .NET 3.1 (qtv.mdb) Database Disclosure Vulnerability
18793| [7292] ASPThai.NET Forum 8.5 - Remote Database Disclosure Vulnerability
18794| [7260] BaSiC-CMS (acm2000.mdb) Remote Database Disclosure Vulnerability
18795| [7258] Ocean12 FAQ Manager Pro Database Disclosure Vulnerability
18796| [7247] Ocean12 Calendar Manager Gold Database Disclosure Vulnerability
18797| [7246] Ocean12 Poll Manager Pro Database Disclosure Vulnerability
18798| [7245] Ocean12 Membership Manager Pro Database Disclosure Vulnerability
18799| [7232] SimpleBlog 3.0 (simpleBlog.mdb) Database Disclosure Vulnerability
18800| [7206] PHP Classifieds Script Remote Database Disclosure Vulnerability
18801| [7180] VCalendar (VCalendar.mdb) Remote Database Disclosure Vulnerability
18802| [7177] Oracle Database Vault ptrace(2) Privilege Escalation Exploit
18803| [6872] MW6 DataMatrix ActiveX (DataMatrix.dll) Insecure Method Exploit
18804| [6855] MyKtools 2.4 Arbitrary Database Backup Vulnerability
18805| [6700] DFF PHP Framework API (Data Feed File) RFI Vulnerabilities
18806| [6456] Free PHP VX Guestbook 1.06 Arbitrary Database Backup Vulnerability
18807| [6390] IntegraMOD 1.4.x (Insecure Directory) Download Database Vulnerability
18808| [6371] Vastal I-Tech Agent Zone (ann_id) SQL Injection Vulnerability
18809| [6314] Thickbox Gallery 2.0 - (admins.php) Admin Data Disclosure Vulnerability
18810| [6080] php Help Agent <= 1.1 (content) Local File Inclusion Vulnerability
18811| [6033] AuraCMS <= 2.2.2 (pages_data.php) Arbitrary Edit/Add/Delete Exploit
18812| [5885] Scientific Image DataBase <= 0.41 - Blind SQL Injection Exploit
18813| [5552] PHPEasyData 1.5.4 (cat_id) Remote SQL Injection Vulnerability
18814| [5506] PHPizabi 0.848b C1 HFP3 - Database Information Disclosure Vuln
18815| [5465] 2532/Gigs <= 1.2.2 - Arbitrary Database Backup/Download Vulnerability
18816| [5452] lightneasy sqlite / no database <= 1.2.2 - Multiple Vulnerabilities
18817| [5425] LightNEasy 1.2 (no database) Remote Hash Retrieve Exploit
18818| [5395] Data Dynamics ActiveBar (Actbar3.ocx 3.2) Multiple Insecure Methods
18819| [5380] Blog PixelMotion (sauvBase.php) Arbitrary Database Backup Vulnerability
18820| [5367] PIGMy-SQL <= 1.4.1 (getdata.php id) Blind SQL Injection Exploit
18821| [5213] Versant Object Database <= 7.0.1.3 Commands Execution Exploit
18822| [5105] AuraCMS 2.2 (gallery_data.php) Remote SQL Injection Exploit
18823| [5095] PKs Movie Database 3.0.3 XSS / SQL Injection Vulnerabilities
18824| [5016] Mambo Component EstateAgent 0.1 - Remote SQL Injection Vulnerability
18825| [4932] Digital Data Communications (RtspVaPgCtrl) Remote BOF Exploit
18826| [4897] photokron <= 1.7 (update script) Remote Database Disclosure Exploit
18827| [4872] PHP Webquest 2.6 Get Database Credentials Vulnerability
18828| [4870] osData <= 2.08 Modules Php121 Local File Inclusion Vulnerability
18829| [4804] Hot or Not Clone by Jnshosts.com Database Backup Dump Vulnerability
18830| [4710] Lotfian.com DATABASE DRIVEN TRAVEL SITE SQL Injection Vuln
18831| [4634] IceBB 1.0-rc6 Remote Database Authentication Details Exploit
18832| [4240] VMware IntraProcessLogging.dll 5.5.3.42958 Arbitrary Data Write Exploit
18833| [4234] mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Data Write/Code Execution
18834| [4218] PHP 5.2.3 win32std ext. safe_mode/disable_functions Protections Bypass
18835| [4208] Data Dynamics ActiveReport ActiveX (actrpt2.dll <= 2.5) Inscure Method
18836| [4190] Data Dynamics ActiveBar ActiveX (actbar3.ocx <= 3.1) Insecure Methods
18837| [4176] SecureBlackbox (PGPBBox.dll 5.1.0.112) Arbitary Data Write Exploit
18838| [4119] HP Digital Imaging (hpqxml.dll 2.0.0.133) Arbitary Data Write Exploit
18839| [4110] Avaxswf.dll 1.0.0.1 from Avax Vector ActiveX Arbitrary Data Write
18840| [4067] Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
18841| [3921] Clever Database Comparer ActiveX 2.2 - Remote Buffer Overflow PoC
18842| [3897] eTrust Antivirus Agent r8 Local Privilege Elevation Exploit
18843| [3508] Moodle <= 1.5.2 (moodledata) Remote Session Disclosure Vulnerability
18844| [3377] Oracle 9i/10g DBMS_METADATA.GET_DDL - SQL Injection Exploit (2)
18845| [3363] Oracle 9i/10g DBMS_METADATA.GET_DDL SQL Injection Exploit
18846| [3292] OPENi-CMS Site Protection Plugin Remote File Inclusion Vulnerability
18847| [3252] EQdkp <= 1.3.1 (Referer Spoof) Remote Database Backup Vulnerability
18848| [3226] PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability
18849| [3223] CVSTrac 2.0.0 Post-Attack Database Resurrection DoS Exploit
18850| [3016] Cahier de texte 2.2 Bypass General Access Protection Exploit
18851| [3001] Ananda Real Estate <= 3.4 (agent) Remote SQL Injection Vulnerability
18852| [2957] PHPFanBase 2.x (protection.php) Remote File Include Vulnerability
18853| [2879] MS Windows spoolss GetPrinterData() Remote DoS Exploit (0day)
18854| [2844] Cahier de texte 2.0 (Database Backup/Source Disclosure) Remote Exploit
18855| [2773] Estate Agent Manager <= 1.3 - (default.asp) Login Bypass Vulnerability
18856| [2675] PHPEasyData Pro 2.2.2 (index.php) Remote SQL Injection Exploit
18857| [2623] SourceForge <= 1.0.4 (database.php) Remote File Include Exploit
18858| [2576] Specimen Image Database (client.php) Remote File Include Vulnerability
18859| [2467] McAfee ePo 3.5.0 / ProtectionPilot 1.1.0 (Source) Remote Exploit
18860| [2352] webSPELL <= 4.01.01 Database Backup Download Vulnerability
18861| [2247] MercuryBoard <= 1.1.4 (User-Agent) Remote SQL Injection Exploit
18862| [2077] WMNews <= 0.2a (base_datapath) Remote Inclusion Vulnerability
18863| [1939] DataLife Engine <= 4.1 - Remote SQL Injection Exploit (php)
18864| [1938] DataLife Engine <= 4.1 - Remote SQL Injection Exploit (perl)
18865| [1896] aePartner <= 0.8.3 (dir[data]) Remote Include Vulnerability
18866| [1573] Guppy <= 4.5.11 (Delete Databases) Remote Denial of Service Exploit
18867| [1546] phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution (2)
18868| [1542] phpRPC Library <= 0.7 XML Data Decoding Remote Code Execution
18869| [1455] Oracle Database Server 9i/10g (XML) Buffer Overflow Exploit
18870| [1442] ezDatabase <= 2.0 (db_id) Remote Command Execution Exploit
18871| [1407] MS Windows 2k Kernel APC Data-Free Local Escalation Exploit (MS05-055)
18872| [1389] MS Internet Explorer 6.0 (mshtml.dll datasrc) Denial of Service Vuln
18873| [1360] Appfluent Database IDS < 2.1.0.103 (Env Variable) Local Exploit
18874| [1260] MS Windows IIS SA WebAgent 5.2/5.3 Redirect Overflow Exploit (meta)
18875| [1226] phpMyFAQ <= 1.5.1 (User-Agent) Remote Shell Injection Exploit
18876| [1190] DameWare Mini Remote Control 4.0 < 4.9 (Client Agent) Remote Exploit
18877| [1189] vBulletin <= 3.0.8 Accessible Database Backup Searcher (update 3)
18878| [1130] CA BrightStor ARCserve Backup Agent (dbasqlr.exe) Remote Exploit
18879| [1108] Small HTTP Server <= 3.05.28 Arbitrary Data Execution Exploit
18880| [1080] phpBB 2.0.15 (highlight) Database Authentication Details Exploit
18881| [1068] PHP-Fusion <= 6.00.105 Accessible Database Backups Download Exploit
18882| [1067] TCP-IP Datalook <= 1.3 - Local Denial of Service Exploit
18883| [989] PhotoPost Arbitrary Data Remote Exploit
18884| [983] DataTrac Activity Console Denial of Service Exploit
18885| [951] MS Jet Database (msjet40.dll) Reverse Shell Exploit
18886| [933] Oracle Database PL/SQL Statement Multiple SQL Injection Exploits
18887| [932] Oracle Database Server <= 10.1.0.2 - Buffer Overflow Exploit
18888| [929] MS Jet Database (msjet40.dll) Reverse Shell Exploit
18889| [927] MS Jet Database (msjet40.dll) DB File Buffer Overflow Exploit
18890| [912] GetDataBack Data Recovery 2.31 - Local Exploit
18891| [860] Aztek Forum <= 4.0 [myadmin.php] Database Dumper Exploit
18892| [750] Veritas Backup Exec Agent 8.x/9.x Browser Overflow (c version)
18893| [403] IPD (Integrity Protection Driver) Local Exploit
18894| [332] Solaris 2.5.0/2.5.1 ps & chkey Data Buffer Exploit
18895| [288] Progress Database Server 8.3b (prodb) Local Root Exploit
18896| [106] IBM DB2 Universal Database 7.2 (db2licm) Local Exploit
18897| [95] Roger Wilco 1.x Client Data Buffer Overflow Exploit
18898| [83] MS Internet Explorer Object Data Remote Exploit (M03-032)
18899|
18900| OpenVAS (Nessus) - http://www.openvas.org:
18901| [802827] EMC Data Protection Advisor NULL Pointer Dereference Denial of Service Vulnerability
18902| [902902] SolarWinds Orion Data Storage Manager SQL Injection and XSS Vulnerabilities
18903| [902687] Microsoft Windows Data Access Components Remote Code Execution Vulnerability (2698365)
18904| [902562] McAfee SaaS Endpoint Protection ActiveX Controls Multiple Code Execution Vulnerabilities
18905| [902561] McAfee SaaS Endpoint Protection Version Detection (Windows)
18906| [902531] HP OpenView Storage Data Protector Unspecified Remote Code Execution Vulnerability
18907| [902528] DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
18908| [902477] CDE ToolTalk RPC Database Server Multiple Vulnerabilities
18909| [902454] HP Data Protector Multiple Remote Code Execution Vulnerabilities
18910| [902406] VLC Media Player AMV and NSV Data Processing Memory Corruption vulnerability (Win)
18911| [902352] Open Ticket Request System (OTRS) 'AgentTicketZoom' Cross-site scripting Vulnerability
18912| [902343] PivotX 'Reset my password' Feature Data Manipulation Vulnerability
18913| [902281] Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
18914| [902124] Symantec Endpoint Protection Scan Bypass Vulnerability
18915| [902062] DataTrack System Multiple Vulnerabilities
18916| [902061] DataTrack System Version Detection
18917| [902043] Oracle Database 'XML DB component' Unspecified vulnerability
18918| [901122] Beanstalkd Job Data Remote Command Execution Vulnerability
18919| [901045] eFront 'database.php' Remote File Inclusion Vulnerability
18920| [900341] Novell NetIdentity Agent Pointer Dereference Remote Code Execution Vulnerability
18921| [900294] Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
18922| [900291] HP Data Protector Manager RDS Service Denial of Service Vulnerability
18923| [900245] Microsoft Data Analyzer and IE Developer Tools ActiveX Control Vulnerability (980195)
18924| [900229] Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
18925| [900216] IBM DB2 Universal Database Multiple Vulnerabilities - Sept08 (Linux)
18926| [900215] IBM DB2 Universal Database Multiple Vulnerabilities - Sept08 (Win)
18927| [900103] Blue Coat K9 Web Protection Multiple Buffer Overflow Vulnerabilities
18928| [881486] CentOS Update for qemu-guest-agent CESA-2012:1234 centos6
18929| [880940] CentOS Update for evolution28-evolution-data-server CESA-2009:0354 centos4 i386
18930| [864597] Fedora Update for glpi-data-injection FEDORA-2012-10661
18931| [864410] Fedora Update for libgdata FEDORA-2012-3932
18932| [863992] Fedora Update for perl-Data-FormValidator FEDORA-2011-11680
18933| [863481] Fedora Update for perl-Data-FormValidator FEDORA-2011-11756
18934| [863477] Fedora Update for perl-Data-FormValidator FEDORA-2011-11805
18935| [863423] Fedora Update for glpi-data-injection FEDORA-2011-9690
18936| [862815] Fedora Update for maniadrive-data FEDORA-2011-0329
18937| [862807] Fedora Update for maniadrive-data FEDORA-2011-0321
18938| [862578] Fedora Update for ocsinventory-agent FEDORA-2010-16314
18939| [862473] Fedora Update for ocsinventory-agent FEDORA-2010-16334
18940| [862472] Fedora Update for ocsinventory-agent FEDORA-2010-16335
18941| [861502] Fedora Update for evolution-data-server FEDORA-2007-0464
18942| [861372] Fedora Update for evolution-data-server FEDORA-2007-595
18943| [861201] Fedora Update for php-pear-Structures-DataGrid-DataSource-MDB2 FEDORA-2007-0847
18944| [861090] Fedora Update for evolution-data-server FEDORA-2007-485
18945| [861086] Fedora Update for evolution-data-server FEDORA-2007-484
18946| [861072] Fedora Update for evolution-data-server FEDORA-2007-594
18947| [850060] SuSE Update for evolution,evolution-data-server SUSE-SA:2007:042
18948| [841126] Ubuntu Update for libgdata USN-1547-1
18949| [840083] Ubuntu Update for evolution-data-server vulnerability USN-475-1
18950| [831701] Mandriva Update for libgdata MDVSA-2012:111 (libgdata)
18951| [831378] Mandriva Update for glpi-data-injection MDVA-2011:015 (glpi-data-injection)
18952| [831254] Mandriva Update for ocsinventory-agent MDVA-2010:234 (ocsinventory-agent)
18953| [831096] Mandriva Update for libgdata MDVA-2010:171 (libgdata)
18954| [831087] Mandriva Update for mmc-agent MDVA-2010:165-1 (mmc-agent)
18955| [831072] Mandriva Update for mmc-agent MDVA-2010:165 (mmc-agent)
18956| [831015] Mandriva Update for desktop-common-data MDVA-2010:135 (desktop-common-data)
18957| [830916] Mandriva Update for mmc-agent MDVA-2010:050-1 (mmc-agent)
18958| [830869] Mandriva Update for mmc-agent MDVA-2010:050 (mmc-agent)
18959| [830410] Mandriva Update for desktop-common-data MDVA-2008:026 (desktop-common-data)
18960| [830383] Mandriva Update for x11-data-xkbdata MDVA-2008:022 (x11-data-xkbdata)
18961| [830228] Mandriva Update for evolution-data-server MDKA-2007:130 (evolution-data-server)
18962| [830207] Mandriva Update for desktop-common-data MDKA-2007:042 (desktop-common-data)
18963| [830092] Mandriva Update for desktop-common-data MDKA-2007:006 (desktop-common-data)
18964| [830052] Mandriva Update for x11-data-xkbdata MDKA-2007:025 (x11-data-xkbdata)
18965| [802985] VERITAS Backup Exec Remote Agent Windows Servers BOF Vulnerability
18966| [802981] VERITAS Backup Exec Agent Browser Remote Buffer Overflow Vulnerability
18967| [802775] HP SNMP Agents Open Redirect and Cross-site Scripting Vulnerabilities (Linux)
18968| [802745] Joomla Estate Agent Component 'id' Parameter SQL Injection Vulnerability
18969| [802735] IBM DB2 Tivoli Monitoring Agent Privilege Escalation Vulnerability (Linux)
18970| [802729] IBM DB2 Distributed Relational Database Architecture Request DoS Vulnerability
18971| [802565] Cogent OPC DataHub and Cascade DataHub XSS and CRLF Vulnerabilities
18972| [802539] Oracle Database Server 'RDBMS' component Denial of Service Vulnerability
18973| [802538] Oracle Database Server Multiple Unspecified Vulnerabilities - April 06
18974| [802528] Oracle Database Server Multiple Unspecified Vulnerabilities - Jan 08
18975| [802527] Oracle Database Server Multiple Unspecified Vulnerabilities
18976| [802526] Oracle Database Server and Application Server Multiple Unspecified Vulnerabilities
18977| [802525] Oracle Database Server and Application Server Multiple Unspecified Vulnerabilities
18978| [802524] Oracle Database Server and Application Server Ultra Search Component Unspecified Vulnerability
18979| [802523] Oracle Database Server MDSYS.MD Buffer Overflows and Denial of Service Vulnerabilities
18980| [802522] Oracle Database Server Multiple Components Multiple Vulnerabilities
18981| [802521] Oracle Database Server Multiple Vulnerabilities - July 06
18982| [802520] Oracle Database Server Multiple Vulnerabilities - Oct 06
18983| [802519] Oracle Database Server Upgrade and Downgrade Component Multiple Vulnerabilities
18984| [802460] SafeNet Sentinel Protection Installer Long Request DoS Vulnerability
18985| [802386] HP Diagnostics Server 'magentservice.exe' Buffer Overflow Vulnerability
18986| [802269] HP Data Protector Media Operations Heap Buffer Overflow Vulnerability
18987| [802247] Cogent DataHub Integer Overflow Vulnerability
18988| [802246] Cogent DataHub Unicode Buffer Overflow Vulnerability
18989| [802242] Symantec Endpoint Protection Manager XSS and CSRF Vulnerabilities
18990| [802037] Azeotech DAQFactory NETB Datagram Parsing Stack Buffer Overflow Vulnerability
18991| [801963] HP Data Protector Media Management Daemon Denial of Service Vulnerability
18992| [801950] Xataface Dataface '-action' Local File Inclusion Vulnerability
18993| [801946] HP Data Protector Client 'EXEC_CMD' Remote Code Execution Vulnerability
18994| [801918] Novell File Reporter 'NFRAgent.exe' XML Parsing Buffer Overflow Vulnerability
18995| [801899] Tele Data Contact Management Server Directory Traversal Vulnerability
18996| [801892] Adobe Flash Media Server XML Data Remote Denial of Service Vulnerability
18997| [801828] Wireshark ENTTEC DMX Data RLE Buffer Overflow Vulnerability (Win)
18998| [801579] HP Data Protector Manager Remote Denial of Service Vulnerability
18999| [801552] PGP Desktop Signed Data Spoofing Vulnerability
19000| [801488] Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability (947864)
19001| [801330] Microsoft Internet Explorer Cross Site Data Leakage Vulnerability
19002| [801329] Google Chrome Cross Site Data Leakage Vulnerability (Windows)
19003| [801101] Orca Browser 'javascript:' And 'data:' URI XSS Vulnerability
19004| [800899] QtWeb 'javascript:' And 'data:' URI XSS Vulnerability
19005| [800897] Maxthon 'javascript:' And 'data:' URI XSS Vulnerability
19006| [800890] Mozilla Firefox 'data:' URI XSS Vulnerability - Sep09 (Linux)
19007| [800889] Mozilla Firefox 'data:' URI XSS Vulnerability - Sep09 (Win)
19008| [800185] Zope Object Database ZEO Server Denial of Service Vulnerability
19009| [103497] ASP Content Management Database Information Disclosure Vulnerability
19010| [103496] Log1 CMS 'data.php' PHP Code Injection Vulnerability
19011| [103432] webgrind 'dataFile' Parameter Cross Site Scripting Vulnerability
19012| [103334] Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
19013| [103332] CMS Made Simple Remote Database Corruption Vulnerability
19014| [103253] Cogent DataHub Multiple Vulnerabilities
19015| [103250] MYRE Real Estate Software 'findagent.php' Cross Site Scripting and SQL Injection Vulnerabilities
19016| [103182] Trend Micro Data Loss Prevention Directory Traversal Vulnerability
19017| [103181] Trend Micro Data Loss Prevention Detection
19018| [100884] OTRS 'AgentTicketZoom' HTML Injection Vulnerability
19019| [100868] OCS Inventory NG Agent 'Backend.pm' Perl Module Handling Code Execution Vulnerability
19020| [100602] PHP Session Data Deserialization Arbitrary Code Execution Vulnerability
19021| [100581] PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability
19022| [100547] freeSSHd SSH2 Connection Data Remote Buffer Overflow Vulnerability
19023| [100479] Ingres Database Detection
19024| [100469] Open Media Collectors Database Multiple Local File Include Vulnerabilities
19025| [100468] Open Media Collectors Database Detection
19026| [100293] DataWizard FtpXQ Remote Denial of Service Vulnerability
19027| [100205] Cacti 'data_input.php' Cross Site Scripting Vulnerability
19028| [100141] NanoCMS '/data/pagesdata.txt' Password Hash Information Disclosure Vulnerability
19029| [90024] Windows Vulnerability in Microsoft Jet Database Engine
19030| [80088] Sybase ASA default database password
19031| [80053] DataWizard FTPXQ Default Accounts
19032| [80004] Firebase/Interbase database Server service detection
19033| [71856] Gentoo Security Advisory GLSA 201208-06 (libgdata)
19034| [71462] Debian Security Advisory DSA 2482-1 (libgdata)
19035| [66201] Fedora Core 11 FEDORA-2009-11034 (alienarena-data)
19036| [65872] SLES10: Security update for evolution-data-server
19037| [64380] Debian Security Advisory DSA 1828-1 (ocsinventory-agent)
19038| [64186] Debian Security Advisory DSA 1813-1 (evolution-data-server)
19039| [64055] CentOS Security Advisory CESA-2009:0354 (evolution-data-server)
19040| [64049] CentOS Security Advisory CESA-2009:0355 (evolution-data-server)
19041| [63649] Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server)
19042| [63618] Ubuntu USN-733-1 (evolution-data-server)
19043| [63598] Fedora Core 9 FEDORA-2009-2792 (evolution-data-server)
19044| [63597] Fedora Core 10 FEDORA-2009-2784 (evolution-data-server)
19045| [58837] FreeBSD Ports: evolution-data-server
19046| [58743] Gentoo Security Advisory GLSA 200711-04 (evolution-data-server)
19047| [58456] Gentoo Security Advisory GLSA 200707-03 (evolution-data-server)
19048| [58426] Debian Security Advisory DSA 1321-1 (evolution-data-server)
19049| [53070] FreeBSD Ports: razor-agents
19050| [20160] Cheops NG Agent Detection
19051| [18213] RSA Security RSA Authentication Agent For Web XSS
19052| [17323] aeNovo Database Content Disclosure Vulnerability
19053| [17296] Kill service with random data
19054| [16388] Credit Card Data Disclosure in CitrusDB
19055| [15900] CUPS Empty UDP Datagram DoS Vulnerability
19056| [14285] CVSTrac database plaintext password storage
19057| [11718] Lotus /./ database lock
19058| [11544] MonkeyWeb POST with too much data
19059| [11069] HTTP User-Agent overflow
19060| [10963] Compaq Web Based Management Agent Proxy Vulnerability
19061| [10847] SilverStream database structure
19062| [10629] Lotus Domino administration databases
19063| [10265] An SNMP Agent is running
19064| [10264] Default community names of the SNMP Agent
19065|
19066| SecurityTracker - https://www.securitytracker.com:
19067| [1022060] IBM Tivoli Continuous Data Protection for Files Input Validation Flaw Permits Cross-Site Scripting Attacks
19068| [1027922] EMC Data Protection Advisor Lets Remote Authenticated Users View Files on the Target System.
19069| [1027781] RSA Data Protection Manager Bugs Permit Cross-Site Scripting Attacks and Let Local Users Bypass Security Restrictions
19070| [1026956] EMC Data Protection Advisor Server and Collector Bugs Let Remote Users Deny Service
19071| [1026878] EMC Data Protection Advisor Null Pointer Dereference and Infinite Loop Let Remote Users Deny Service
19072| [1025859] EMC Data Protection Advisor Lets Local Users View Potentially Sensitive Information Including Passwords
19073| [1025253] EMC Data Protection Advisor Collector for Solaris File Permission Error Lets Remote Authenticated Users Gain Elevated Privileges
19074| [1025147] HP StorageWorks File Migration Agent Flaw Lets Remote Users Modify the Data Store
19075| [1024704] Novell GroupWise Internet Agent Buffer Overflows in Processing VCALENDAR Data Let Remote Users Execute Arbitrary Code
19076| [1023311] Symantec Backup Exec Continuous Protection Server Input Validation Flaw in VRTSweb Component Lets Remote Users Execute Arbitrary Code
19077| [1017006] CA Business Protection Suite Buffer Overflows in Backup Agent, Job Engine and Discovery Services Let Remote Users Execute Arbitrary Code
19078| [1017005] CA Server Protection Suite Buffer Overflows in Backup Agent, Job Engine and Discovery Services Let Remote Users Execute Arbitrary Code
19079| [1016688] HP OpenView Storage Data Protector Input Validation Flaw in Backup Agents Lets Remote Users Execute Arbitrary Commands
19080| [1009175] Proofpoint Protection Server Grants Remote Users Access to the Underlying Database
19081| [1006986] Progress Database _dbagent Command Option Lets Local Users Execute Arbitrary Code With Root Privileges
19082| [1005436] Microsoft Data Engine/Desktop Engine (MSDE) Bugs Let Remote Authenticated Users Create/Delete/Execute Web Tasks With SQL Server Agent Privileges
19083| [1002792] High-bandwidth Digital Content Protection (HDCP) System Feasibly Allows A User to Decrypt Data and Clone Devices
19084| [1002669] Lotus Domino Web Server Default Navigation Protection Mechanisms Can Be Bypassed by Remote Users, Allowing Some Portions of the Database to be Viewed
19085|
19086| OSVDB - http://www.osvdb.org:
19087| [87640] SonicWALL Continuous Data Protection (CDP) 5040 System >
19088| [87639] SonicWALL Continuous Data Protection (CDP) 5040 Network >
19089| [87638] SonicWALL Continuous Data Protection (CDP) 5040 BMR >
19090| [53651] IBM Tivoli Continuous Data Protection for Files login/FilepathLogin.html reason Parameter XSS
19091| [41620] IBM Tivoli Continuous Data Protection for Files (CDP) Central Admin Global Directory Permission Weakness
19092| [90312] BlackBerry Enterprise Server Mobile Data System (MDS) Connection Service / Messaging Agent TIFF File Processing Arbitrary Code Execution
19093| [90189] newrelic_rpm Gem for Ruby Agent New Relic Server Data Transmission Information Disclosure
19094| [88724] EMC Data Protection Advisor Web UI Traversal Arbitrary File Access
19095| [88001] Safend Data Protector SDBagent / SDPagent Unquoted Path Local Privilege Escalation Weakness
19096| [87999] Safend Data Protector SDBagent / SDPagent Permission Weakness Local Privilege Escalation
19097| [87537] RSA Data Protection Manager Appliance / Software Server Unspecified XSS
19098| [87536] RSA Data Protection Manager Appliance Account Brute Force Weakness
19099| [85643] Apple iOS Mail Data Protection Email Attachment Access Restriction Weakness
19100| [84881] McAfee Host Data Loss Prevention (DLP) Web Post Protection Feature Local Information Disclosure
19101| [84307] AirDroid Application for Android JSON Data Pass Value Manipulation Multiple Login Protection Bypass
19102| [81669] HP Insight Management Agents Unspecified Data Manipulation
19103| [80815] EMC Data Protection Advisor DPA_Utilities Library Endless Loop Remote DoS
19104| [80814] EMC Data Protection Advisor DPA_Utilities.cProcessAuthenticationData Function AUTHENTICATECONNECTION Command NULL Pointer Dereference Remote DoS
19105| [78046] DataDirect SequeLink oaagent.exe GIOP Packet Parsing Remote Overflow
19106| [76867] RSA Data Protection Manager Session Termination Weakness
19107| [74136] EMC Data Protection Advisor Configuration File Cleartext Credentials Disclosure
19108| [71685] EMC Data Protection Advisor Collector on SPARC Unspecified Local Privilege Escalation
19109| [70676] Novell GroupWise Internet Agent Email Message VCALENDAR Data TZID Variable Remote Overflow
19110| [70548] Oracle Database Server Scheduler Agent Unspecified Remote Issue
19111| [69230] PHP utf8_decode Function UTF-8 Encoding / Data Crafted String Protection Mechanism Bypass
19112| [62615] Oracle Database DBMS_ASSERT Protection Bypass
19113| [49442] IBM Tivoli Storage Manager (TSM) Express for Microsoft SQL SQL CAD Data Protection (dsmcat.exe) Remote Overflow
19114| [44984] RSA Authentication Agent IISWebAgentIF.dll postdata Parameter URL-Encoded XSS
19115| [43844] RSA SecurID WebID RSA Authentication Agent (IISWebAgentIF.dll) postdata Variable Blacklist Bypass
19116| [39939] Oracle Database Agent Unauthenticated Remote Information Disclosure
19117| [39929] Oracle Database Streams DBMS_APPLY_USER_AGENT.SET_REGISTRATION_HANDLER Procedure SQL Injection
19118| [34020] IBM DB2 Universal Database Remote db2agents Crafted Termination DoS
19119| [27943] HP OpenView Storage Data Protector Backup Agents Unspecified Remote Command Execution
19120| [24855] Oracle Database Enterprise Manager Intelligent Agent Unspecified Local Issue
19121| [21937] Sygate Protection Agent smcgui.exe Management GUI Protection Local Bypass
19122| [20596] Oracle Database Intelligent Agent Unspecified Local Issue
19123| [20009] Linux Kernel mprotect.c PTE Protection Modification Data Corruption
19124| [13491] Ximian Evolution Mail User Agent handle_image Function Arbitrary Data Injection
19125| [13416] Microsoft Windows NetDDE Agent WM_COPYDATA Message Arbitrary Code Execution (shatter)
19126| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
19127| [9668] IBM Tivoli OPC Tracker Agent localtracker Malformed Data Remote DoS
19128| [6283] Zope Image and File Update Data Protection Bypass
19129| [1706] IBM HTTP Server AfpaCache/WebSphereNet.Data user-agent Header Handling Remote DoS
19130|_
2077/tcp open tsrmagt?
2078/tcp open tpcsrvr?
2080/tcp open autodesk-nlm?
2082/tcp open infowave?
19135| fingerprint-strings:
19136| DNSStatusRequestTCP:
19137| HTTP/1.1 400 Bad Request
19138| Date: Sat, 14 Dec 2019 23:18:41 GMT
19139| Content-Type: text/html
19140| Content-Length: 154
19141| Connection: close
19142| Server: imunify360-webshield/1.8
19143| <html>
19144| <head><title>400 Bad Request</title></head>
19145| <body>
19146| <center><h1>400 Bad Request</h1></center>
19147| <hr><center>openresty</center>
19148| </body>
19149| </html>
19150| DNSVersionBindReqTCP:
19151| HTTP/1.1 400 Bad Request
19152| Date: Sat, 14 Dec 2019 23:18:40 GMT
19153| Content-Type: text/html
19154| Content-Length: 154
19155| Connection: close
19156| Server: imunify360-webshield/1.8
19157| <html>
19158| <head><title>400 Bad Request</title></head>
19159| <body>
19160| <center><h1>400 Bad Request</h1></center>
19161| <hr><center>openresty</center>
19162| </body>
19163| </html>
19164| Help:
19165| HTTP/1.1 400 Bad Request
19166| Date: Sat, 14 Dec 2019 23:18:42 GMT
19167| Content-Type: text/html
19168| Content-Length: 154
19169| Connection: close
19170| Server: imunify360-webshield/1.8
19171| <html>
19172| <head><title>400 Bad Request</title></head>
19173| <body>
19174| <center><h1>400 Bad Request</h1></center>
19175| <hr><center>openresty</center>
19176| </body>
19177| </html>
19178| SSLSessionReq:
19179| HTTP/1.1 400 Bad Request
19180| Date: Sat, 14 Dec 2019 23:18:43 GMT
19181| Content-Type: text/html
19182| Content-Length: 154
19183| Connection: close
19184| Server: imunify360-webshield/1.8
19185| <html>
19186| <head><title>400 Bad Request</title></head>
19187| <body>
19188| <center><h1>400 Bad Request</h1></center>
19189| <hr><center>openresty</center>
19190| </body>
19191| </html>
19192| TerminalServerCookie:
19193| HTTP/1.1 400 Bad Request
19194| Date: Sat, 14 Dec 2019 23:18:44 GMT
19195| Content-Type: text/html
19196| Content-Length: 154
19197| Connection: close
19198| Server: imunify360-webshield/1.8
19199| <html>
19200| <head><title>400 Bad Request</title></head>
19201| <body>
19202| <center><h1>400 Bad Request</h1></center>
19203| <hr><center>openresty</center>
19204| </body>
19205|_ </html>
2083/tcp open ssl/radsec?
19207| fingerprint-strings:
19208| GetRequest:
19209| HTTP/1.1 200 OK
19210| Date: Sat, 14 Dec 2019 23:18:50 GMT
19211| Content-Type: text/html
19212| Content-Length: 20772
19213| Connection: close
19214| Server: imunify360-webshield/1.8
19215| Last-Modified: Saturday, 14-Dec-2019 23:18:50 GMT
19216| Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
19217| <!DOCTYPE html>
19218| <html lang="{ngx.var.captcha_lang or "en"}">
19219| <head>
19220| <meta charset="UTF-8">
19221| <title>Captcha</title>
19222| <link rel="stylesheet"
19223| href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
19224| integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
19225| crossorigin="anonymous">
19226| <link href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII="
19227| rel="icon" t
19228| HTTPOptions:
19229| HTTP/1.1 200 OK
19230| Date: Sat, 14 Dec 2019 23:18:52 GMT
19231| Content-Type: text/html
19232| Content-Length: 20772
19233| Connection: close
19234| Server: imunify360-webshield/1.8
19235| Last-Modified: Saturday, 14-Dec-2019 23:18:52 GMT
19236| Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
19237| <!DOCTYPE html>
19238| <html lang="{ngx.var.captcha_lang or "en"}">
19239| <head>
19240| <meta charset="UTF-8">
19241| <title>Captcha</title>
19242| <link rel="stylesheet"
19243| href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
19244| integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
19245| crossorigin="anonymous">
19246| <link href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII="
19247|_ rel="icon" t
2086/tcp open gnunet?
| fingerprint-strings:
| GenericLines, NULL:
| HTTP/1.0 401 Access Denied
| Connection: close
| Content-Type: text/html; charset="utf-8"
| Date: Sat, 14 Dec 2019 23:18:07 GMT
| Cache-Control: no-cache, no-store, must-revalidate, private
| Pragma: no-cache
| X-Error-Message: Access Denied
| X-Frame-Options: SAMEORIGIN
| X-Content-Type-Options: nosniff
| Content-Length: 5012
| <!DOCTYPE html>
| <html lang="en" dir="ltr">
| <head>
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
| <meta name="viewport" content="width=device-width, initial-scale=1.0">
| <meta name="google" content="notranslate" />
| <meta name="apple-itunes-app" content="app-id=1188352635" />
| <title>WHM Login</title>
|_ <link rel="shortcut icon" href="data:image/x-icon;base64,AAABAAEAICAAAAEAIADSAgAAFgAAAIlQTkcNChoKAAAADUlIRFIAAAAgAAAAIAgGAAAAc3p69AAAAplJREFUWIXt1j2IHGUYB/DfOzdnjIKFkECIVWIKvUFsIkRExa9KJCLaWAgWJx4DilZWgpDDiI0wiViIoGATP1CCEDYHSeCwU
2087/tcp open ssl/eli?
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 200 OK
| Date: Sat, 14 Dec 2019 23:18:52 GMT
| Content-Type: text/html
| Content-Length: 20772
| Connection: close
| Server: imunify360-webshield/1.8
| Last-Modified: Saturday, 14-Dec-2019 23:18:52 GMT
| Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
| <!DOCTYPE html>
| <html lang="{ngx.var.captcha_lang or "en"}">
| <head>
| <meta charset="UTF-8">
| <title>Captcha</title>
| <link rel="stylesheet"
| href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
| integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
| crossorigin="anonymous">
| <link href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII="
| rel="icon" t
| HTTPOptions:
| HTTP/1.1 200 OK
| Date: Sat, 14 Dec 2019 23:18:54 GMT
| Content-Type: text/html
| Content-Length: 20772
| Connection: close
| Server: imunify360-webshield/1.8
| Last-Modified: Saturday, 14-Dec-2019 23:18:54 GMT
| Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
| <!DOCTYPE html>
| <html lang="{ngx.var.captcha_lang or "en"}">
| <head>
| <meta charset="UTF-8">
| <title>Captcha</title>
| <link rel="stylesheet"
| href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
| integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
| crossorigin="anonymous">
| <link href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII="
|_ rel="icon" t
2095/tcp open nbx-ser?
| fingerprint-strings:
| DNSStatusRequestTCP:
| HTTP/1.1 400 Bad Request
| Date: Sat, 14 Dec 2019 23:18:41 GMT
| Content-Type: text/html
| Content-Length: 154
| Connection: close
| Server: imunify360-webshield/1.8
| <html>
| <head><title>400 Bad Request</title></head>
| <body>
| <center><h1>400 Bad Request</h1></center>
| <hr><center>openresty</center>
| </body>
| </html>
| DNSVersionBindReqTCP:
| HTTP/1.1 400 Bad Request
| Date: Sat, 14 Dec 2019 23:18:40 GMT
| Content-Type: text/html
| Content-Length: 154
| Connection: close
| Server: imunify360-webshield/1.8
| <html>
| <head><title>400 Bad Request</title></head>
| <body>
| <center><h1>400 Bad Request</h1></center>
| <hr><center>openresty</center>
| </body>
| </html>
| Help:
| HTTP/1.1 400 Bad Request
| Date: Sat, 14 Dec 2019 23:18:42 GMT
| Content-Type: text/html
| Content-Length: 154
| Connection: close
| Server: imunify360-webshield/1.8
| <html>
| <head><title>400 Bad Request</title></head>
| <body>
| <center><h1>400 Bad Request</h1></center>
| <hr><center>openresty</center>
| </body>
| </html>
| SSLSessionReq:
| HTTP/1.1 400 Bad Request
| Date: Sat, 14 Dec 2019 23:18:43 GMT
| Content-Type: text/html
| Content-Length: 154
| Connection: close
| Server: imunify360-webshield/1.8
| <html>
| <head><title>400 Bad Request</title></head>
| <body>
| <center><h1>400 Bad Request</h1></center>
| <hr><center>openresty</center>
| </body>
| </html>
| TerminalServerCookie:
| HTTP/1.1 400 Bad Request
| Date: Sat, 14 Dec 2019 23:18:44 GMT
| Content-Type: text/html
| Content-Length: 154
| Connection: close
| Server: imunify360-webshield/1.8
| <html>
| <head><title>400 Bad Request</title></head>
| <body>
| <center><h1>400 Bad Request</h1></center>
| <hr><center>openresty</center>
| </body>
|_ </html>
2096/tcp open ssl/nbx-dir?
| fingerprint-strings:
| GetRequest:
| HTTP/1.1 200 OK
| Date: Sat, 14 Dec 2019 23:18:52 GMT
| Content-Type: text/html
| Content-Length: 20772
| Connection: close
| Server: imunify360-webshield/1.8
| Last-Modified: Saturday, 14-Dec-2019 23:18:52 GMT
| Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
| <!DOCTYPE html>
| <html lang="{ngx.var.captcha_lang or "en"}">
| <head>
| <meta charset="UTF-8">
| <title>Captcha</title>
| <link rel="stylesheet"
| href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
| integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
| crossorigin="anonymous">
| <link href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII="
| rel="icon" t
| HTTPOptions:
| HTTP/1.1 200 OK
| Date: Sat, 14 Dec 2019 23:18:54 GMT
| Content-Type: text/html
| Content-Length: 20772
| Connection: close
| Server: imunify360-webshield/1.8
| Last-Modified: Saturday, 14-Dec-2019 23:18:54 GMT
| Cache-Control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
| <!DOCTYPE html>
| <html lang="{ngx.var.captcha_lang or "en"}">
| <head>
| <meta charset="UTF-8">
| <title>Captcha</title>
| <link rel="stylesheet"
| href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css"
| integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7"
| crossorigin="anonymous">
| <link href="data:image/x-icon;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQEAYAAABPYyMiAAAABmJLR0T///////8JWPfcAAAACXBIWXMAAABIAAAASABGyWs+AAAAF0lEQVRIx2NgGAWjYBSMglEwCkbBSAcACBAAAeaR9cIAAAAASUVORK5CYII="
|_ rel="icon" t
2420/tcp open dslremote-mgmt?
8889/tcp open tcpwrapped
52228/tcp open tcpwrapped
52229/tcp open tcpwrapped
52230/tcp open tcpwrapped

Running (JUST GUESSING): Fortinet embedded (87%)
OS CPE: cpe:/h:fortinet:fortigate_100d
Aggressive OS guesses: Fortinet FortiGate 100D firewall (87%)
No exact OS matches for host (test conditions non-ideal).

TRACEROUTE (using port 20/tcp)
HOP RTT ADDRESS
1 153.40 ms 10.218.200.1
2 ...
3 155.18 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
4 154.99 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
5 158.57 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190)
6 160.83 ms be3376.ccr21.sto01.atlas.cogentco.com (130.117.50.226)
7 160.88 ms ae-11.edge4.Stockholm2.Level3.net (4.68.106.129)
8 ...
9 302.53 ms GTD-INTERNE.ear3.Miami2.Level3.net (4.15.156.162)
10 411.58 ms scl1.ae2.100.mia1.gtdinternet.com.63.196.190.in-addr.arpa (190.196.63.131)
11 ... 30

NSE: Script Post-scanning.
Initiating NSE at 18:20
Completed NSE at 18:20, 0.00s elapsed
Initiating NSE at 18:20
Completed NSE at 18:20, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 18:20 EST
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 18:20
Completed NSE at 18:20, 0.00s elapsed
Initiating NSE at 18:20
Completed NSE at 18:20, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 18:20
Completed Parallel DNS resolution of 1 host. at 18:20, 0.02s elapsed
Initiating UDP Scan at 18:20
Scanning phis104123.dedicados.cl (201.148.104.123) [15 ports]
Completed UDP Scan at 18:20, 3.17s elapsed (15 total ports)
Initiating Service scan at 18:20
Scanning 13 services on phis104123.dedicados.cl (201.148.104.123)
Service scan Timing: About 7.69% done; ETC: 18:41 (0:19:36 remaining)
Completed Service scan at 18:22, 102.59s elapsed (13 services on 1 host)
Initiating OS detection (try #1) against phis104123.dedicados.cl (201.148.104.123)
Retrying OS detection (try #2) against phis104123.dedicados.cl (201.148.104.123)
Initiating Traceroute at 18:22
Completed Traceroute at 18:22, 7.17s elapsed
Initiating Parallel DNS resolution of 1 host. at 18:22
Completed Parallel DNS resolution of 1 host. at 18:22, 0.00s elapsed
NSE: Script scanning 201.148.104.123.
Initiating NSE at 18:22
Completed NSE at 18:22, 7.14s elapsed
Initiating NSE at 18:22
Completed NSE at 18:22, 1.11s elapsed
Nmap scan report for phis104123.dedicados.cl (201.148.104.123)
Host is up (0.15s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 145.55 ms 10.218.200.1
2 ... 3
4 147.03 ms 10.218.200.1
5 154.52 ms 10.218.200.1
6 154.50 ms 10.218.200.1
7 154.49 ms 10.218.200.1
8 154.49 ms 10.218.200.1
9 154.46 ms 10.218.200.1
10 148.87 ms 10.218.200.1
11 ... 18
19 146.24 ms 10.218.200.1
20 148.87 ms 10.218.200.1
21 ... 28
29 145.68 ms 10.218.200.1
30 146.43 ms 10.218.200.1

NSE: Script Post-scanning.
Initiating NSE at 18:22
Completed NSE at 18:22, 0.00s elapsed
Initiating NSE at 18:22
Completed NSE at 18:22, 0.00s elapsed
#######################################################################################################################################
Anonymous JTSEC #OpChili Full Recon #15