Jan 04, 2020, 08:53 AM
1####################################################################################################################################
2=====================================================================================================================================
3Hostname www.crayford.com ISP Paragon Internet Group Limited
4Continent Europe Flag
5GB
6Country United Kingdom Country Code GB
7Region Unknown Local time 04 Jan 2020 07:26 GMT
8City Unknown Postal Code Unknown
9IP Address 87.247.240.207 Latitude 51.496
10 Longitude -0.122
11======================================================================================================================================
12####################################################################################################################################
13> www.crayford.com
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18Name: www.crayford.com
19Address: 87.247.240.207
20>
21#####################################################################################################################################
22 Domain Name: CRAYFORD.COM
23 Registry Domain ID: 11000620_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.corporatedomains.com
25 Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
26 Updated Date: 2019-11-26T15:47:54Z
27 Creation Date: 1999-10-05T16:39:16Z
28 Registry Expiry Date: 2020-10-05T16:39:16Z
29 Registrar: CSC Corporate Domains, Inc.
30 Registrar IANA ID: 299
31 Registrar Abuse Contact Email: domainabuse@cscglobal.com
32 Registrar Abuse Contact Phone: 8887802723
33 Domain Status: ok https://icann.org/epp#ok
34 Name Server: NS1.NETNAMES.NET
35 Name Server: NS2.NETNAMES.NET
36 Name Server: NS5.NETNAMES.NET
37 Name Server: NS6.NETNAMES.NET
38 DNSSEC: unsigned
39#####################################################################################################################################
40Domain Name: crayford.com
41Registry Domain ID: 11000620_DOMAIN_COM-VRSN
42Registrar WHOIS Server: whois.corporatedomains.com
43Registrar URL: www.cscprotectsbrands.com
44Updated Date: 2019-11-26T10:47:54Z
45Creation Date: 1999-10-05T12:39:16Z
46Registrar Registration Expiration Date: 2020-10-05T16:39:16Z
47Registrar: CSC CORPORATE DOMAINS, INC.
48Sponsoring Registrar IANA ID: 299
49Registrar Abuse Contact Email: domainabuse@cscglobal.com
50Registrar Abuse Contact Phone: +1.8887802723
51Domain Status: ok http://www.icann.org/epp#ok
52Registry Registrant ID:
53Registrant Name: Trevor Spink
54Registrant Organization: Eonic Associates LLP
55Registrant Street: 11 Heskett Park
56Registrant City: Pembury
57Registrant State/Province: Kent
58Registrant Postal Code: TN2 4JF
59Registrant Country: GB
60Registrant Phone: +44.1892534044
61Registrant Phone Ext:
62Registrant Fax:
63Registrant Fax Ext:
64Registrant Email: domains@eonic.co.uk
65Registry Admin ID:
66Admin Name: Trevor Spink
67Admin Organization: Eonic Associates LLP
68Admin Street: 11 Heskett Park
69Admin City: Pembury
70Admin State/Province: Kent
71Admin Postal Code: TN2 4JF
72Admin Country: GB
73Admin Phone: +44.1892534044
74Admin Phone Ext:
75Admin Fax:
76Admin Fax Ext:
77Admin Email: domains@eonic.co.uk
78Registry Tech ID:
79Tech Name: NetNames Hostmaster
80Tech Organization: Netnames Ltd
81Tech Street: 37th Floor
82Tech City: London
83Tech State/Province: London
84Tech Postal Code: E14 5LQ
85Tech Country: GB
86Tech Phone: +44.2070159370
87Tech Phone Ext:
88Tech Fax: +44.2070159375
89Tech Fax Ext:
90Tech Email: hostmaster@netnames.net
91Name Server: dns1.cscdns.net
92Name Server: dns2.cscdns.net
93DNSSEC: unsigned
94####################################################################################################################################
95[+] Target : www.crayford.com
96
97[+] IP Address : 87.247.240.207
98
99[+] Headers :
100
101[+] Date : Sat, 04 Jan 2020 07:32:06 GMT
102[+] Server : Apache
103[+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
104[+] Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
105[+] Pragma : no-cache
106[+] Set-Cookie : PHPSESSID=gn2r2r4lh96og6l893qsudjhb3; expires=Sat, 04-Jan-2020 08:32:07 GMT; Max-Age=3600; path=/
107[+] Keep-Alive : timeout=5, max=100
108[+] Connection : Keep-Alive
109[+] Transfer-Encoding : chunked
110[+] Content-Type : text/html; charset=UTF-8
111
112[+] SSL Certificate Information :
113
114[+] organizationalUnitName : Domain Control Validated
115[+] commonName : crayford.com
116[+] countryName : US
117[+] stateOrProvinceName : Arizona
118[+] localityName : Scottsdale
119[+] organizationName : Starfield Technologies, Inc.
120[+] organizationalUnitName : http://certs.starfieldtech.com/repository/
121[+] commonName : Starfield Secure Certificate Authority - G2
122[+] Version : 3
123[+] Serial Number : 9F0CBAED2E2EA0F2
124[+] Not Before : Jun 10 08:58:15 2019 GMT
125[+] Not After : Jun 12 12:27:03 2020 GMT
126[+] OCSP : ('http://ocsp.starfieldtech.com/',)
127[+] subject Alt Name : (('DNS', 'crayford.com'), ('DNS', 'www.crayford.com'))
128[+] CA Issuers : ('http://certificates.starfieldtech.com/repository/sfig2.crt',)
129[+] CRL Distribution Points : ('http://crl.starfieldtech.com/sfig2s1-149.crl',)
130
131[+] Whois Lookup :
132
133[+] NIR : None
134[+] ASN Registry : ripencc
135[+] ASN : 198047
136[+] ASN CIDR : 87.247.240.0/21
137[+] ASN Country Code : GB
138[+] ASN Date : 2006-02-03
139[+] ASN Description : UKWEB-EQX, GB
140[+] cidr : 87.247.240.0/21
141[+] name : UK-PARAGON-20060203
142[+] handle : PAR487-RIPE
143[+] range : 87.247.240.0 - 87.247.247.255
144[+] description : None
145[+] country : GB
146[+] state : None
147[+] city : None
148[+] address : 113 - 114 Buckingham Avenue
149SL1 4PF
150Slough
151UNITED KINGDOM
152[+] postal_code : None
153[+] emails : None
154[+] created : 2006-02-03T12:53:28Z
155[+] updated : 2017-07-06T09:37:09Z
156
157[+] Crawling Target...
158
159[+] Looking for robots.txt........[ Found ]
160[+] Extracting robots Links.......[ 4 ]
161[+] Looking for sitemap.xml.......[ Found ]
162[+] Extracting sitemap Links......[ 51 ]
163[+] Extracting CSS Links..........[ 2 ]
164[+] Extracting Javascript Links...[ 10 ]
165[+] Extracting Internal Links.....[ 2 ]
166[+] Extracting External Links.....[ 3 ]
167[+] Extracting Images.............[ 11 ]
168
169[+] Total Links Extracted : 82
170
171[+] Dumping Links in /opt/FinalRecon/dumps/www.crayford.com.dump
172[+] Completed!
173####################################################################################################################################
174[i] Scanning Site: https://www.crayford.com
175
176
177
178B A S I C I N F O
179====================
180
181
182[+] Site Title: Crayford - The Home of Greyhound Racing
183[+] IP address: 87.247.240.207
184[+] Web Server: Apache
185[+] CMS: Could Not Detect
186[+] Cloudflare: Not Detected
187[+] Robots File: Found
188
189-------------[ contents ]----------------
190User-agent: *
191
192Disallow: /inc/
193Disallow: /edit/
194Allow: /edit/files/
195Allow: /edit/resized_images/
196
197Sitemap: https://www.crayford.com/sitemap.xml
198-----------[end of contents]-------------
199
200
201
202W H O I S L O O K U P
203========================
204
205 Domain Name: CRAYFORD.COM
206 Registry Domain ID: 11000620_DOMAIN_COM-VRSN
207 Registrar WHOIS Server: whois.corporatedomains.com
208 Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
209 Updated Date: 2019-11-26T15:47:54Z
210 Creation Date: 1999-10-05T16:39:16Z
211 Registry Expiry Date: 2020-10-05T16:39:16Z
212 Registrar: CSC Corporate Domains, Inc.
213 Registrar IANA ID: 299
214 Registrar Abuse Contact Email: domainabuse@cscglobal.com
215 Registrar Abuse Contact Phone: 8887802723
216 Domain Status: ok https://icann.org/epp#ok
217 Name Server: NS1.NETNAMES.NET
218 Name Server: NS2.NETNAMES.NET
219 Name Server: NS5.NETNAMES.NET
220 Name Server: NS6.NETNAMES.NET
221 DNSSEC: unsigned
222 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
223>>> Last update of whois database: 2020-01-04T07:32:12Z <<<
224
231
232
233
234
235G E O I P L O O K U P
236=========================
237
238[i] IP Address: 87.247.240.207
239[i] Country: United Kingdom
240[i] State:
241[i] City:
242[i] Latitude: 51.4964
243[i] Longitude: -0.1224
244
245
246
247
248H T T P H E A D E R S
249=======================
250
251
252[i] HTTP/1.1 200 OK
253[i] Date: Sat, 04 Jan 2020 07:32:23 GMT
254[i] Server: Apache
255[i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
256[i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
257[i] Pragma: no-cache
258[i] Set-Cookie: PHPSESSID=vshqa840db3tv6giub3hoevie0; expires=Sat, 04-Jan-2020 08:32:23 GMT; Max-Age=3600; path=/
259[i] Connection: close
260[i] Content-Type: text/html; charset=UTF-8
261
262
263
264
265D N S L O O K U P
266===================
267
268crayford.com. 21599 IN SOA ns1.netnames.net. hostmaster.cscdns.net. 2018073005 10800 1800 3600000 86400
269crayford.com. 21599 IN NS ns1.netnames.net.
270crayford.com. 21599 IN NS ns2.netnames.net.
271crayford.com. 21599 IN NS ns5.netnames.net.
272crayford.com. 21599 IN NS ns6.netnames.net.
273crayford.com. 3599 IN MX 0 crayford-com.mail.protection.outlook.com.
274crayford.com. 21599 IN MX 10 aspmx.l.google.com.
275crayford.com. 21599 IN MX 20 alt1.aspmx.l.google.com.
276crayford.com. 21599 IN MX 20 alt2.aspmx.l.google.com.
277crayford.com. 21599 IN MX 30 alt3.aspmx.l.google.com.
278crayford.com. 21599 IN MX 30 alt4.aspmx.l.google.com.
279crayford.com. 3599 IN TXT "MS=ms27798742"
280crayford.com. 21599 IN TXT "google-site-verification=ILUjDEama5jsX4LgyLaYhBKpv31cFzwHXm6bGL5Jw4c"
281crayford.com. 21599 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU8ylYQj7PG+nWw7EDVNcG7Z4nVnHH7wHUirLjwIvoSMzFih27UngGheubYMkICj24uy0SzPUvYc2XiDMzNjDtFX0DW3502PwWA0XGo2HftJZzUHYYm+ht9LjE60G1S1hq6+JWnGJhHkyu7OhEHauPkDtspVnlJOyGuepBKLoXqQIDAQAB"
282crayford.com. 21599 IN TXT "v=spf1 a mx include:spf.ladbrokes.co.uk -all include:spf.protection.outlook.com -all"
283crayford.com. 21599 IN A 87.247.240.207
284
285
286
287
288S U B N E T C A L C U L A T I O N
289====================================
290
291Address = 87.247.240.207
292Network = 87.247.240.207 / 32
293Netmask = 255.255.255.255
294Broadcast = not needed on Point-to-Point links
295Wildcard Mask = 0.0.0.0
296Hosts Bits = 0
297Max. Hosts = 1 (2^0 - 0)
298Host Range = { 87.247.240.207 - 87.247.240.207 }
299
300
301
302N M A P P O R T S C A N
303============================
304
305Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-04 07:32 UTC
306Nmap scan report for crayford.com (87.247.240.207)
307Host is up (0.073s latency).
308rDNS record for 87.247.240.207: crayford.servers.prgn.misp.co.uk
309
310PORT STATE SERVICE
31121/tcp open ftp
31222/tcp open ssh
31323/tcp filtered telnet
31480/tcp open http
315110/tcp open pop3
316143/tcp open imap
317443/tcp open https
3183389/tcp filtered ms-wbt-server
319
320Nmap done: 1 IP address (1 host up) scanned in 1.51 seconds
321
322
323
324S U B - D O M A I N F I N D E R
325==================================
326
327
328[i] Total Subdomains Found : 1
329
330[+] Subdomain: www.crayford.com
331[-] IP: 87.247.240.207
332######################################################################################################################################
333[+] Starting At 2020-01-04 02:32:37.747316
334[+] Collecting Information On: https://www.crayford.com/
335[#] Status: 200
336--------------------------------------------------
337[#] Web Server Detected: Apache
338[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
339- Date: Sat, 04 Jan 2020 07:32:36 GMT
340- Server: Apache
341- Expires: Thu, 19 Nov 1981 08:52:00 GMT
342- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
343- Pragma: no-cache
344- Set-Cookie: PHPSESSID=let5ml019823sbgvb8t05prj43; expires=Sat, 04-Jan-2020 08:32:36 GMT; Max-Age=3600; path=/
345- Keep-Alive: timeout=5, max=100
346- Connection: Keep-Alive
347- Transfer-Encoding: chunked
348- Content-Type: text/html; charset=UTF-8
349--------------------------------------------------
350[#] Finding Location..!
351[#] status: success
352[#] country: United Kingdom
353[#] countryCode: GB
354[#] region: ENG
355[#] regionName: England
356[#] city: Slough
357[#] zip: SL1
358[#] lat: 51.5228
359[#] lon: -0.629228
360[#] timezone: Europe/London
361[#] isp: Paragon Internet Group Limited
362[#] org: Paragon Internet Group Limited
363[#] as: AS198047 Paragon Internet Group Limited
364[#] query: 87.247.240.207
365--------------------------------------------------
366[x] Didn't Detect WAF Presence on: https://www.crayford.com/
367--------------------------------------------------
368[#] Starting Reverse DNS
369[-] Failed ! Fail
370--------------------------------------------------
371[!] Scanning Open Port
372[#] 21/tcp open ftp
373[#] 22/tcp open ssh
374[#] 80/tcp open http
375[#] 110/tcp open pop3
376[#] 143/tcp open imap
377[#] 443/tcp open https
378[#] 465/tcp open smtps
379[#] 587/tcp open submission
380[#] 993/tcp open imaps
381[#] 995/tcp open pop3s
382--------------------------------------------------
383[+] Getting SSL Info
384{'OCSP': ('http://ocsp.starfieldtech.com/',),
385 'caIssuers': ('http://certificates.starfieldtech.com/repository/sfig2.crt',),
386 'crlDistributionPoints': ('http://crl.starfieldtech.com/sfig2s1-149.crl',),
387 'issuer': ((('countryName', 'US'),),
388 (('stateOrProvinceName', 'Arizona'),),
389 (('localityName', 'Scottsdale'),),
390 (('organizationName', 'Starfield Technologies, Inc.'),),
391 (('organizationalUnitName',
392 'http://certs.starfieldtech.com/repository/'),),
393 (('commonName', 'Starfield Secure Certificate Authority - G2'),)),
394 'notAfter': 'Jun 12 12:27:03 2020 GMT',
395 'notBefore': 'Jun 10 08:58:15 2019 GMT',
396 'serialNumber': '9F0CBAED2E2EA0F2',
397 'subject': ((('organizationalUnitName', 'Domain Control Validated'),),
398 (('commonName', 'crayford.com'),)),
399 'subjectAltName': (('DNS', 'crayford.com'), ('DNS', 'www.crayford.com')),
400 'version': 3}
438
439--------------------------------------------------
440[+] Collecting Information Disclosure!
441[#] Detecting sitemap.xml file
442[!] sitemap.xml File Found: https://www.crayford.com//sitemap.xml
443[#] Detecting robots.txt file
444[!] robots.txt File Found: https://www.crayford.com//robots.txt
445[#] Detecting GNU Mailman
446[!] GNU Mailman App Detected: https://www.crayford.com//mailman/admin
447[!] version: 2.1.29
448--------------------------------------------------
449[+] Crawling Url Parameter On: https://www.crayford.com/
450--------------------------------------------------
451[#] Searching Html Form !
452[-] No Html Form Found!?
453--------------------------------------------------
454[-] No DOM Paramter Found!?
455--------------------------------------------------
456[!] 1 Internal Dynamic Parameter Discovered
457[+] https://www.crayford.com///css/screen.css?v=1578123156
458--------------------------------------------------
459[!] 1 External Dynamic Parameter Discovered
460[#] http://validator.w3.org/check?uri=referer
461--------------------------------------------------
462[!] 79 Internal links Discovered
542--------------------------------------------------
543[!] 2 External links Discovered
544[#] https://www.tripadvisor.co.uk/Attraction_Review-g3205121-d2522669-Reviews-Crayford_Greyhound_Track-Crayford_Greater_London_England.html
545[#] https://www.begambleaware.org
546--------------------------------------------------
547[#] Mapping Subdomain..
548[!] Found 2 Subdomain
549- crayford.com
550- www.crayford.com
551--------------------------------------------------
552[!] Done At 2020-01-04 02:32:58.745188
553####################################################################################################################################
554[INFO] ------TARGET info------
555[*] TARGET: https://www.crayford.com/
556[*] TARGET IP: 87.247.240.207
557[INFO] NO load balancer detected for www.crayford.com...
558[*] DNS servers: ns1.netnames.net.
559[*] TARGET server: Apache
560[*] CC: GB
561[*] Country: United Kingdom
562[*] RegionCode: ENG
563[*] RegionName: England
564[*] City: Slough
565[*] ASN: AS198047
566[*] BGP_PREFIX: 87.247.240.0/21
567[*] ISP: UKWEB-EQX Paragon Internet Group Limited, GB
568[INFO] SSL/HTTPS certificate detected
569[*] Issuer: issuer=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", OU = http://certs.starfieldtech.com/repository/, CN = Starfield Secure Certificate Authority - G2
570[*] Subject: subject=OU = Domain Control Validated, CN = crayford.com
571[INFO] DNS enumeration:
572[*] ftp.crayford.com 191.235.166.165
573[*] mail.crayford.com 64.85.1.8
574[INFO] Possible abuse mails are:
575[*] abuse@crayford.com
576[*] abuse@www.crayford.com
577[INFO] NO PAC (Proxy Auto Configuration) file FOUND
578[ALERT] robots.txt file FOUND in http://www.crayford.com/robots.txt
579[INFO] Checking for HTTP status codes recursively from http://www.crayford.com/robots.txt
580[INFO] Status code Folders
581[*] 200 http://www.crayford.com/edit/
582[*] 200 http://www.crayford.com/inc/
583[INFO] Starting FUZZing in http://www.crayford.com/FUzZzZzZzZz...
584[INFO] Status code Folders
585[ALERT] Look in the source code. It may contain passwords
586[INFO] Links found from https://www.crayford.com/ http://87.247.240.207/:
587[*] http://87.247.240.207/cgi-sys/defaultwebpage.cgi
588[*] https://twitter.com/crayforddogs
589[*] https://www.begambleaware.org/
590[*] https://www.crayford.com/
591[*] https://www.crayford.com/about.html
592[*] https://www.crayford.com/advance-race-cards.html
593[*] https://www.crayford.com/advertising.html
594[*] https://www.crayford.com/become-a-greyhound-owner.html
595[*] https://www.crayford.com/beginners-guide.html
596[*] https://www.crayford.com/book-a-brunch.html
597[*] https://www.crayford.com/book-a-party-pack.html
598[*] https://www.crayford.com/book-a-restaurant.html
599[*] https://www.crayford.com/bookings.html
600[*] https://www.crayford.com/bookings-terms-and-conditions.html
601[*] https://www.crayford.com/celebration-packages.html
602[*] https://www.crayford.com/christmas-racing-schedule.html
603[*] https://www.crayford.com/contact.html
604[*] https://www.crayford.com/cookie-policy.html
605[*] https://www.crayford.com/corporate-events.html
606[*] https://www.crayford.com/dining.html
607[*] https://www.crayford.com/dog-and-bitch-of-the-month.html
608[*] https://www.crayford.com/drinks-lists.html
609[*] https://www.crayford.com/greyhound-homing.html
610[*] https://www.crayford.com/join-our-team.html
611[*] https://www.crayford.com/links.html
612[*] https://www.crayford.com/moneyspinner.html
613[*] https://www.crayford.com/news/access-policy-statement.html
614[*] https://www.crayford.com/news.html
615[*] https://www.crayford.com/news/moneyspinner-dates-for-2020.html
616[*] https://www.crayford.com/opening-daystimes.html
617[*] https://www.crayford.com/our-trainers.html
618[*] https://www.crayford.com/pick-6-jackpot.html
619[*] https://www.crayford.com/privacy-policy.html
620[*] https://www.crayford.com/race-results.html
621[*] https://www.crayford.com/race-videos.html
622[*] https://www.crayford.com/racing-information.html
623[*] https://www.crayford.com/responsible-betting.html
624[*] https://www.crayford.com/sitemap.xml
625[*] https://www.crayford.com/special-offers.html
626[*] https://www.crayford.com/trial-results.html
627[*] https://www.facebook.com/crayford.racing
628[*] https://www.globalgraphics.co.uk/
629[*] https://www.tripadvisor.co.uk/Attraction_Review-g3205121-d2522669-Reviews-Crayford_Greyhound_Track-Crayford_Greater_London_England.html
630[*] http://validator.w3.org/check?uri=referer
631[*] http://www.crayford.com/book-a-party-pack.html
632[INFO] GOOGLE has Track https://www.crayford.com › trial-results about http://www.crayford.com/
633[INFO] BING shows 87.247.240.207 is shared with 14 hosts/vhosts
634[INFO] Shodan detected the following opened ports on 87.247.240.207:
635[*] 0
636[*] 1
637[*] 110
638[*] 143
639[*] 2
640[*] 2077
641[*] 2079
642[*] 2082
643[*] 2083
644[*] 2086
645[*] 2087
646[*] 2095
647[*] 2096
648[*] 21
649[*] 214
650[*] 22
651[*] 25
652[*] 4
653[*] 443
654[*] 465
655[*] 5
656[*] 587
657[*] 6
658[*] 80
659[*] 993
660[*] 995
661[INFO] ------VirusTotal SECTION------
662[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
663[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
664[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
665[INFO] ------Alexa Rank SECTION------
666[INFO] Percent of Visitors Rank in Country:
667[INFO] Percent of Search Traffic:
668[INFO] Percent of Unique Visits:
669[INFO] Total Sites Linking In:
670[*] Total Sites
671[INFO] Useful links related to www.crayford.com - 87.247.240.207:
672[*] https://www.virustotal.com/pt/ip-address/87.247.240.207/information/
673[*] https://www.hybrid-analysis.com/search?host=87.247.240.207
674[*] https://www.shodan.io/host/87.247.240.207
675[*] https://www.senderbase.org/lookup/?search_string=87.247.240.207
676[*] https://www.alienvault.com/open-threat-exchange/ip/87.247.240.207
677[*] http://pastebin.com/search?q=87.247.240.207
678[*] http://urlquery.net/search.php?q=87.247.240.207
679[*] http://www.alexa.com/siteinfo/www.crayford.com
680[*] http://www.google.com/safebrowsing/diagnostic?site=www.crayford.com
681[*] https://censys.io/ipv4/87.247.240.207
682[*] https://www.abuseipdb.com/check/87.247.240.207
683[*] https://urlscan.io/search/#87.247.240.207
684[*] https://github.com/search?q=87.247.240.207&type=Code
685[INFO] Useful links related to AS198047 - 87.247.240.0/21:
686[*] http://www.google.com/safebrowsing/diagnostic?site=AS:198047
687[*] https://www.senderbase.org/lookup/?search_string=87.247.240.0/21
688[*] http://bgp.he.net/AS198047
689[*] https://stat.ripe.net/AS198047
690[INFO] Date: 04/01/20 | Time: 02:33:43
691[INFO] Total time: 1 minute(s) and 0 second(s)
692####################################################################################################################################
693Trying "crayford.com"
694Trying "crayford.com"
695;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34436
696;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 0, ADDITIONAL: 16
697
698;; QUESTION SECTION:
699;crayford.com. IN ANY
700
701;; ANSWER SECTION:
702crayford.com. 43200 IN A 87.247.240.207
703crayford.com. 3600 IN TXT "v=spf1 a mx include:spf.ladbrokes.co.uk -all include:spf.protection.outlook.com -all"
704crayford.com. 3600 IN TXT "google-site-verification=ILUjDEama5jsX4LgyLaYhBKpv31cFzwHXm6bGL5Jw4c"
705crayford.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU8ylYQj7PG+nWw7EDVNcG7Z4nVnHH7wHUirLjwIvoSMzFih27UngGheubYMkICj24uy0SzPUvYc2XiDMzNjDtFX0DW3502PwWA0XGo2HftJZzUHYYm+ht9LjE60G1S1hq6+JWnGJhHkyu7OhEHauPkDtspVnlJOyGuepBKLoXqQIDAQAB"
706crayford.com. 3600 IN TXT "MS=ms27798742"
707crayford.com. 3600 IN MX 0 crayford-com.mail.protection.outlook.com.
708crayford.com. 3600 IN MX 20 alt2.aspmx.l.google.com.
709crayford.com. 3600 IN MX 10 aspmx.l.google.com.
710crayford.com. 3600 IN MX 20 alt1.aspmx.l.google.com.
711crayford.com. 3600 IN MX 30 alt4.aspmx.l.google.com.
712crayford.com. 3600 IN MX 30 alt3.aspmx.l.google.com.
713crayford.com. 21600 IN SOA ns1.netnames.net. hostmaster.cscdns.net. 2018073005 10800 1800 3600000 86400
714crayford.com. 43200 IN NS ns2.netnames.net.
715crayford.com. 43200 IN NS ns6.netnames.net.
716crayford.com. 43200 IN NS ns1.netnames.net.
717crayford.com. 43200 IN NS ns5.netnames.net.
718
719;; ADDITIONAL SECTION:
720aspmx.l.google.com. 156 IN A 172.217.197.27
721alt1.aspmx.l.google.com. 156 IN A 64.233.186.27
722alt2.aspmx.l.google.com. 156 IN A 209.85.202.27
723alt3.aspmx.l.google.com. 156 IN A 172.253.120.27
724ns1.netnames.net. 3901 IN A 156.154.130.100
725ns2.netnames.net. 24945 IN A 156.154.131.100
726ns5.netnames.net. 37982 IN A 156.154.130.100
727ns6.netnames.net. 37982 IN A 156.154.131.100
728aspmx.l.google.com. 156 IN AAAA 2607:f8b0:400d:c0f::1a
729alt1.aspmx.l.google.com. 156 IN AAAA 2800:3f0:4003:c00::1b
730alt2.aspmx.l.google.com. 156 IN AAAA 2a00:1450:400b:c00::1b
731alt3.aspmx.l.google.com. 156 IN AAAA 2a00:1450:400c:c01::1a
732ns1.netnames.net. 35642 IN AAAA 2610:a1:1022::100
733ns2.netnames.net. 24945 IN AAAA 2610:a1:1023::100
734ns5.netnames.net. 24945 IN AAAA 2610:a1:1022::100
735ns6.netnames.net. 24945 IN AAAA 2610:a1:1023::100
736
737Received 1155 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 51 ms
738####################################################################################################################################
739; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace crayford.com any
740;; global options: +cmd
741. 85038 IN NS l.root-servers.net.
742. 85038 IN NS a.root-servers.net.
743. 85038 IN NS c.root-servers.net.
744. 85038 IN NS f.root-servers.net.
745. 85038 IN NS d.root-servers.net.
746. 85038 IN NS k.root-servers.net.
747. 85038 IN NS b.root-servers.net.
748. 85038 IN NS g.root-servers.net.
749. 85038 IN NS e.root-servers.net.
750. 85038 IN NS i.root-servers.net.
751. 85038 IN NS m.root-servers.net.
752. 85038 IN NS h.root-servers.net.
753. 85038 IN NS j.root-servers.net.
754. 85038 IN RRSIG NS 8 0 518400 20200117050000 20200104040000 33853 . GQesRY7r4lGoXkRm254AsjJYq2stXHJafVZreV98wXfaYeM1Z/RJEZqu pykaakR5gvRe4AvFyJ7coZoaHERFaIJ/eKQ8ewqas24/WMtnzuKpCLEf HF/OCfa3EhhB6J0RQiEQyuHFzdzL7DGhPGi80o6kB2wwoqqOA7E6xj/o 4IlIbu0TB70WStyNtT3WLi7WVkbzuJdoXgVRxuIQwlcfqvwwGH/5vSJA LcGo1ARr8FRXBh9anz9JWkbu5CXqF0Mf0uEoLuPr8oP0XoxBwi4Iy1SM wp8kGY/OI8mjcMRd8bI9JgUNyzLxGj0HQVxFKlUEEs0Af9GG/9m+1lAY RsIJog==
755;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 92 ms
756
757com. 172800 IN NS d.gtld-servers.net.
758com. 172800 IN NS e.gtld-servers.net.
759com. 172800 IN NS h.gtld-servers.net.
760com. 172800 IN NS b.gtld-servers.net.
761com. 172800 IN NS a.gtld-servers.net.
762com. 172800 IN NS g.gtld-servers.net.
763com. 172800 IN NS c.gtld-servers.net.
764com. 172800 IN NS j.gtld-servers.net.
765com. 172800 IN NS f.gtld-servers.net.
766com. 172800 IN NS m.gtld-servers.net.
767com. 172800 IN NS k.gtld-servers.net.
768com. 172800 IN NS l.gtld-servers.net.
769com. 172800 IN NS i.gtld-servers.net.
770com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
771com. 86400 IN RRSIG DS 8 1 86400 20200117050000 20200104040000 33853 . u84POFEcYQGpGKY7LdahyhPlTJI8qptp88BXoHLXU7TXxGsNeQgVRrZx nISI7lXhD6RRnbfQxqIFAPxJp4Y/BYgp51T87elRXjo4eVuo2Xs1W4FR fRPsLCa/HU0QH1RwJMsXoQ1nDZaVF1xljamXrZmZyiN595es2T2eteNw Irz1Cvijplesg48QP8SyXA2ZphwfuJDBWlBvZaDcF6mnPxrzn9HQ0E3B LprbERiNczAlhwGMIzZMYCox1RMR38okI8bwOLTBSXlKI0R05KGmWC9q KYBaYAxL96PA5yWgsWEytvCRZlFxb1EtDq6g/AdSeaMcePD7MBIZTBW+ xEsxdw==
772;; Received 1200 bytes from 2001:500:200::b#53(b.root-servers.net) in 73 ms
773
774crayford.com. 172800 IN NS ns2.netnames.net.
775crayford.com. 172800 IN NS ns1.netnames.net.
776crayford.com. 172800 IN NS ns5.netnames.net.
777crayford.com. 172800 IN NS ns6.netnames.net.
778CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
779CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20200110054859 20200103043859 12163 com. TZL8iABz5guy+B98SxKG/exgyrO9nkukTXPhUXGBiKNPRWPJpQtqFO0J s94yfFzxCpPVDQxNyQvU69jPN8jOx+lwfjIxR+e0bpvSbndnYwo4pQrb u0s6Bd1M3tjN455ZdxYEWD0RzJyrLOYKqJJUmAZ9eVfMzKPiuexhdth2 ZoIrtwHcpVwwPBHj+62L1eTzCgftxIxsi+ayVbVPBQjvlw==
780BBRVF0LGVVO7DK74K904VUCVMSCH7RV8.com. 86400 IN NSEC3 1 1 0 - BBRVUMEE40KRBTTU66JBQQTAEKDED832 NS DS RRSIG
781BBRVF0LGVVO7DK74K904VUCVMSCH7RV8.com. 86400 IN RRSIG NSEC3 8 2 86400 20200108062448 20200101051448 12163 com. gVt8H44ajkWKFlTLFqk/CY4ax79ICzdRFiPDVls24rH0sO2PFHcYzaaq mXHm1vUxa73y/3ZVVDsQ8ErzjFriAimN5ILocQXM80J905r89v0wOzWU /0mssGCoQ2uGTJojlSINOUS+9u9BYzPkpCcmOQHCB17tIM5WvHVUwcxj dqP7aA4KwQ/W95/kGPch4xh9ylohlNo4vjuq9m6iVesweA==
782;; Received 674 bytes from 192.26.92.30#53(c.gtld-servers.net) in 107 ms
783
784crayford.com. 21600 IN SOA ns1.netnames.net. hostmaster.cscdns.net. 2018073005 10800 1800 3600000 86400
785crayford.com. 86400 IN NS ns1.netnames.net.
786crayford.com. 86400 IN NS ns2.netnames.net.
787crayford.com. 86400 IN NS ns5.netnames.net.
788crayford.com. 86400 IN NS ns6.netnames.net.
789crayford.com. 3600 IN MX 0 crayford-com.mail.protection.outlook.com.
790crayford.com. 86400 IN MX 10 aspmx.l.google.com.
791crayford.com. 86400 IN MX 20 alt1.aspmx.l.google.com.
792crayford.com. 86400 IN MX 20 alt2.aspmx.l.google.com.
793crayford.com. 86400 IN MX 30 alt3.aspmx.l.google.com.
794crayford.com. 86400 IN MX 30 alt4.aspmx.l.google.com.
795crayford.com. 3600 IN TXT "MS=ms27798742"
796crayford.com. 86400 IN TXT "google-site-verification=ILUjDEama5jsX4LgyLaYhBKpv31cFzwHXm6bGL5Jw4c"
797crayford.com. 86400 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU8ylYQj7PG+nWw7EDVNcG7Z4nVnHH7wHUirLjwIvoSMzFih27UngGheubYMkICj24uy0SzPUvYc2XiDMzNjDtFX0DW3502PwWA0XGo2HftJZzUHYYm+ht9LjE60G1S1hq6+JWnGJhHkyu7OhEHauPkDtspVnlJOyGuepBKLoXqQIDAQAB"
798crayford.com. 86400 IN TXT "v=spf1 a mx include:spf.ladbrokes.co.uk -all include:spf.protection.outlook.com -all"
799crayford.com. 86400 IN A 87.247.240.207
800;; Received 814 bytes from 156.154.130.100#53(ns5.netnames.net) in 190 ms
801####################################################################################################################################
802[*] Performing General Enumeration of Domain: crayford.com
803[-] DNSSEC is not configured for crayford.com
804[*] SOA ns1.netnames.net 156.154.130.100
805[*] NS ns5.netnames.net 156.154.130.100
806[*] Bind Version for 156.154.130.100 UltraDNS Resolver
807[*] NS ns5.netnames.net 2610:a1:1022::100
808[*] Bind Version for 2610:a1:1022::100 UltraDNS Resolver
809[*] NS ns1.netnames.net 156.154.130.100
810[*] Bind Version for 156.154.130.100 UltraDNS Resolver
811[*] NS ns1.netnames.net 2610:a1:1022::100
812[*] Bind Version for 2610:a1:1022::100 UltraDNS Resolver
813[*] NS ns2.netnames.net 156.154.131.100
814[*] Bind Version for 156.154.131.100 UltraDNS Resolver
815[*] NS ns2.netnames.net 2610:a1:1023::100
816[*] Bind Version for 2610:a1:1023::100 UltraDNS Resolver
817[*] NS ns6.netnames.net 156.154.131.100
818[*] Bind Version for 156.154.131.100 UltraDNS Resolver
819[*] NS ns6.netnames.net 2610:a1:1023::100
820[*] Bind Version for 2610:a1:1023::100 UltraDNS Resolver
821[*] MX alt3.aspmx.l.google.com 172.253.120.27
822[*] MX alt4.aspmx.l.google.com 172.217.218.27
823[*] MX alt2.aspmx.l.google.com 209.85.202.26
824[*] MX alt1.aspmx.l.google.com 64.233.186.26
825[*] MX crayford-com.mail.protection.outlook.com 104.47.8.36
826[*] MX crayford-com.mail.protection.outlook.com 104.47.9.36
827[*] MX aspmx.l.google.com 209.85.201.26
828[*] MX alt3.aspmx.l.google.com 2a00:1450:400c:c01::1a
829[*] MX alt4.aspmx.l.google.com 2a00:1450:4013:c08::1b
830[*] MX alt2.aspmx.l.google.com 2a00:1450:400b:c00::1b
831[*] MX alt1.aspmx.l.google.com 2800:3f0:4003:c00::1a
832[*] A crayford.com 87.247.240.207
833[*] TXT crayford.com google-site-verification=ILUjDEama5jsX4LgyLaYhBKpv31cFzwHXm6bGL5Jw4c
834[*] TXT crayford.com MS=ms27798742
835[*] TXT crayford.com v=spf1 a mx include:spf.ladbrokes.co.uk -all include:spf.protection.outlook.com -all
836[*] TXT crayford.com v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU8ylYQj7PG+nWw7EDVNcG7Z4nVnHH7wHUirLjwIvoSMzFih27UngGheubYMkICj24uy0SzPUvYc2XiDMzNjDtFX0DW3502PwWA0XGo2HftJZzUHYYm+ht9LjE60G1S1hq6+JWnGJhHkyu7OhEHauPkDtspVnlJOyGuepBKLoXqQIDAQAB
837[*] Enumerating SRV Records
838[-] No SRV Records Found for crayford.com
839[+] 0 Records Found
840####################################################################################################################################
841[*] Processing domain crayford.com
842[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
843[+] Getting nameservers
844156.154.130.100 - ns5.netnames.net
845156.154.130.100 - ns1.netnames.net
846156.154.131.100 - ns2.netnames.net
847156.154.131.100 - ns6.netnames.net
848[-] Zone transfer failed
849
850[+] TXT records found
851"google-site-verification=ILUjDEama5jsX4LgyLaYhBKpv31cFzwHXm6bGL5Jw4c"
852"MS=ms27798742"
853"v=spf1 a mx include:spf.ladbrokes.co.uk -all include:spf.protection.outlook.com -all"
854"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDU8ylYQj7PG+nWw7EDVNcG7Z4nVnHH7wHUirLjwIvoSMzFih27UngGheubYMkICj24uy0SzPUvYc2XiDMzNjDtFX0DW3502PwWA0XGo2HftJZzUHYYm+ht9LjE60G1S1hq6+JWnGJhHkyu7OhEHauPkDtspVnlJOyGuepBKLoXqQIDAQAB"
855
856[+] MX records found, added to target list
85730 alt3.aspmx.l.google.com.
85830 alt4.aspmx.l.google.com.
85920 alt2.aspmx.l.google.com.
86020 alt1.aspmx.l.google.com.
8610 crayford-com.mail.protection.outlook.com.
86210 aspmx.l.google.com.
863
864[*] Scanning crayford.com for A records
86587.247.240.207 - crayford.com
86640.97.120.200 - autodiscover.crayford.com
86752.96.10.248 - autodiscover.crayford.com
86852.96.16.168 - autodiscover.crayford.com
86940.97.120.152 - autodiscover.crayford.com
87040.97.199.120 - autodiscover.crayford.com
87140.97.121.24 - autodiscover.crayford.com
87252.96.22.184 - autodiscover.crayford.com
87340.97.120.216 - autodiscover.crayford.com
874191.235.166.165 - ftp.crayford.com
87564.85.1.8 - mail.crayford.com
87683.222.229.149 - stats.crayford.com
87787.247.240.207 - www.crayford.com
878
879####################################################################################################################################
880 AVAILABLE PLUGINS
881 -----------------
882
883 RobotPlugin
884 EarlyDataPlugin
885 CertificateInfoPlugin
886 OpenSslCcsInjectionPlugin
887 SessionResumptionPlugin
888 SessionRenegotiationPlugin
889 HeartbleedPlugin
890 CompressionPlugin
891 FallbackScsvPlugin
892 OpenSslCipherSuitesPlugin
893 HttpHeadersPlugin
894
895
896
897 CHECKING HOST(S) AVAILABILITY
898 -----------------------------
899
900 87.247.240.207:443 => 87.247.240.207
901
902
903
904
905 SCAN RESULTS FOR 87.247.240.207:443 - 87.247.240.207
906 ----------------------------------------------------
907
908 * SSLV3 Cipher Suites:
909 Server rejected all cipher suites.
910
911 * OpenSSL CCS Injection:
912 OK - Not vulnerable to OpenSSL CCS injection
913
914 * SSLV2 Cipher Suites:
915 Server rejected all cipher suites.
916
917 * TLSV1 Cipher Suites:
918 Forward Secrecy OK - Supported
919 RC4 OK - Not Supported
920
921 Preferred:
922 None - Server followed client cipher suite preference.
923 Accepted:
924 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
925 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
926 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
927 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
928 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
929 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
930 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
931 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
932 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
933
934 * TLSV1_1 Cipher Suites:
935 Forward Secrecy OK - Supported
936 RC4 OK - Not Supported
937
938 Preferred:
939 None - Server followed client cipher suite preference.
940 Accepted:
941 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
942 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
943 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
944 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
945 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
946 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
947 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
948 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
949 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
950
951 * TLS 1.2 Session Resumption Support:
952 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
953 With TLS Tickets: OK - Supported
954
955 * Certificate Information:
956 Content
957 SHA1 Fingerprint: 1a0e096d97f69fc86ae2475a3b4c1e9b730cfb88
958 Common Name: crayford.com
959 Issuer: Starfield Secure Certificate Authority - G2
960 Serial Number: 11460740679595892978
961 Not Before: 2019-06-10 08:58:15
962 Not After: 2020-06-12 12:27:03
963 Signature Algorithm: sha256
964 Public Key Algorithm: RSA
965 Key Size: 2048
966 Exponent: 65537 (0x10001)
967 DNS Subject Alternative Names: ['crayford.com', 'www.crayford.com']
968
969 Trust
970 Hostname Validation: FAILED - Certificate does NOT match 87.247.240.207
971 Android CA Store (9.0.0_r9): OK - Certificate is trusted
972 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
973 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
974 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
975 Windows CA Store (2019-05-27): OK - Certificate is trusted
976 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
977 Received Chain: crayford.com --> Starfield Secure Certificate Authority - G2
978 Verified Chain: crayford.com --> Starfield Secure Certificate Authority - G2 --> Starfield Root Certificate Authority - G2
979 Received Chain Contains Anchor: OK - Anchor certificate not sent
980 Received Chain Order: OK - Order is valid
981 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
982
983 Extensions
984 OCSP Must-Staple: NOT SUPPORTED - Extension not found
985 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
986
987 OCSP Stapling
988 OCSP Response Status: successful
989 Validation w/ Mozilla Store: OK - Response is trusted
990 Responder Id: C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, LLC", CN = Starfield Validation Authority - G2
991 Cert Status: good
992 Cert Serial Number: 9F0CBAED2E2EA0F2
993 This Update: Jan 4 03:16:04 2020 GMT
994 Next Update: Jan 5 15:16:04 2020 GMT
995
996 * Session Renegotiation:
997 Client-initiated Renegotiation: OK - Rejected
998 Secure Renegotiation: OK - Supported
999
1000 * TLSV1_3 Cipher Suites:
1001 Server rejected all cipher suites.
1002
1003 * Deflate Compression:
1004 OK - Compression disabled
1005
1006 * OpenSSL Heartbleed:
1007 OK - Not vulnerable to Heartbleed
1008
1009 * Downgrade Attacks:
1010 TLS_FALLBACK_SCSV: OK - Supported
1011
1012 * TLSV1_2 Cipher Suites:
1013 Forward Secrecy OK - Supported
1014 RC4 OK - Not Supported
1015
1016 Preferred:
1017 None - Server followed client cipher suite preference.
1018 Accepted:
1019 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1020 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1021 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1022 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1023 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1024 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1025 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1026 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1027 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
1028 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1029 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1030 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1031 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1032 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1033 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1034 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1035 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1036 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1037 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1038 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1039 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1040 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1041
1042 * ROBOT Attack:
1043 OK - Not vulnerable
1044
1045
1046 SCAN COMPLETED IN 25.95 S
1047 -------------------------
1048#####################################################################################################################################
1049Domains still to check: 1
1050 Checking if the hostname crayford.com. given is in fact a domain...
1051
1052Analyzing domain: crayford.com.
1053 Checking NameServers using system default resolver...
1054 IP: 156.154.130.100 (United States)
1055 HostName: ns5.netnames.net Type: NS
1056 HostName: indom130.indomco.org Type: PTR
1057 IP: 156.154.130.100 (United States)
1058 HostName: ns5.netnames.net Type: NS
1059 HostName: indom130.indomco.org Type: PTR
1060 HostName: ns1.netnames.net Type: NS
1061 IP: 156.154.131.100 (United States)
1062 HostName: ns2.netnames.net Type: NS
1063 HostName: indom20.indomco.net Type: PTR
1064 IP: 156.154.131.100 (United States)
1065 HostName: ns2.netnames.net Type: NS
1066 HostName: indom20.indomco.net Type: PTR
1067 HostName: ns6.netnames.net Type: NS
1068
1069 Checking MailServers using system default resolver...
1070 IP: 172.253.120.27 (United States)
1071 HostName: alt3.aspmx.l.google.com Type: MX
1072 IP: 172.217.218.27 (United States)
1073 HostName: alt4.aspmx.l.google.com Type: MX
1074 IP: 209.85.202.26 (United States)
1075 HostName: alt2.aspmx.l.google.com Type: MX
1076 HostName: dg-in-f26.1e100.net Type: PTR
1077 IP: 64.233.186.26 (United States)
1078 HostName: alt1.aspmx.l.google.com Type: MX
1079 HostName: cb-in-f26.1e100.net Type: PTR
1080 IP: 104.47.9.36 (Austria)
1081 HostName: crayford-com.mail.protection.outlook.com Type: MX
1082 HostName: mail-ve1eur030036.inbound.protection.outlook.com Type: PTR
1083 IP: 104.47.8.36 (Netherlands)
1084 HostName: crayford-com.mail.protection.outlook.com Type: MX
1085 HostName: mail-am5eur030036.inbound.protection.outlook.com Type: PTR
1086 IP: 209.85.201.26 (United States)
1087 HostName: aspmx.l.google.com Type: MX
1088 HostName: qu-in-f26.1e100.net Type: PTR
1089
1090 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1091 No zone transfer found on nameserver 156.154.130.100
1092 No zone transfer found on nameserver 156.154.130.100
1093 No zone transfer found on nameserver 156.154.131.100
1094 No zone transfer found on nameserver 156.154.131.100
1095
1096 Checking SPF record...
1097
1098 Checking SPF record...
1099 New IP found: 195.217.141.131
1100 New IP found: 195.217.141.132
1101 New IP found: 195.217.141.133
1102 New IP found: 195.217.141.134
1103 New IP found: 129.41.78.93
1104 New IP found: 208.85.48.109
1105 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 207.126.144.0/20, but only the network IP
1106 New IP found: 207.126.144.0
1107 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 64.18.0.0/20, but only the network IP
1108 New IP found: 64.18.0.0
1109 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 74.125.148.0/22, but only the network IP
1110 New IP found: 74.125.148.0
1111 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 31.222.50.0/24, but only the network IP
1112 New IP found: 31.222.50.0
1113 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 31.222.51.0/24, but only the network IP
1114 New IP found: 31.222.51.0
1115 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 31.222.55.0/24, but only the network IP
1116 New IP found: 31.222.55.0
1117
1118 Checking SPF record...
1119 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.92.0.0/15, but only the network IP
1120 New IP found: 40.92.0.0
1121 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 40.107.0.0/16, but only the network IP
1122 New IP found: 40.107.0.0
1123 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 52.100.0.0/14, but only the network IP
1124 New IP found: 52.100.0.0
1125 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 104.47.0.0/17, but only the network IP
1126 New IP found: 104.47.0.0
1127 There are no IPv4 addresses in the SPF. Maybe IPv6.
1128 There are no IPv4 addresses in the SPF. Maybe IPv6.
1129
1130 Checking 192 most common hostnames using system default resolver...
1131 IP: 87.247.240.207 (United Kingdom)
1132 HostName: www.crayford.com. Type: A
1133 IP: 191.235.166.165 (Ireland)
1134 HostName: ftp.crayford.com. Type: A
1135 IP: 64.85.1.8 (United States)
1136 HostName: mail.crayford.com. Type: A
1137
1138 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1164
1165 Searching for crayford.com. emails in Google
1166
1167 Checking 28 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1196
1197 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1198 Scanning ip 52.100.0.0 ():
1199 Scanning ip 104.47.8.36 (mail-am5eur030036.inbound.protection.outlook.com (PTR)):
1200 Scanning ip 156.154.131.100 (ns6.netnames.net):
1201 53/tcp open tcpwrapped syn-ack ttl 56
1202 | dns-nsid:
1203 |_ bind.version: UltraDNS Resolver
1204 Scanning ip 40.107.0.0 ():
1205 Scanning ip 64.233.186.26 (cb-in-f26.1e100.net (PTR)):
1206 Scanning ip 104.47.0.0 ():
1207 Scanning ip 209.85.202.26 (dg-in-f26.1e100.net (PTR)):
1208 Scanning ip 74.125.148.0 ():
1209 Scanning ip 31.222.55.0 ():
1210 Scanning ip 209.85.201.26 (qu-in-f26.1e100.net (PTR)):
1211 Scanning ip 208.85.48.109 ():
1212 Scanning ip 191.235.166.165 (ftp.crayford.com.):
1213 21/tcp open ftp syn-ack ttl 113 FileZilla ftpd
1214 | ftp-syst:
1215 |_ SYST: UNIX emulated by FileZilla
1216 80/tcp open http syn-ack ttl 113 Microsoft IIS httpd 8.5
1217 | http-methods:
1218 | Supported Methods: OPTIONS TRACE GET HEAD POST
1219 |_ Potentially risky methods: TRACE
1220 |_http-server-header: Microsoft-IIS/8.5
1221 |_http-title: IIS Windows Server
1222 443/tcp open ssl/http syn-ack ttl 111 Microsoft IIS httpd 8.5
1223 | http-methods:
1224 | Supported Methods: OPTIONS TRACE GET HEAD POST
1225 |_ Potentially risky methods: TRACE
1226 |_http-server-header: Microsoft-IIS/8.5
1227 |_http-title: IIS Windows Server
1228 | ssl-cert: Subject: commonName=*.eonichost.co.uk
1229 | Subject Alternative Name: DNS:*.eonichost.co.uk, DNS:eonichost.co.uk
1230 | Issuer: commonName=GlobalSign Domain Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
1231 | Public Key type: rsa
1232 | Public Key bits: 2048
1233 | Signature Algorithm: sha256WithRSAEncryption
1234 | Not valid before: 2016-10-31T15:05:15
1235 | Not valid after: 2018-12-28T16:53:43
1236 | MD5: f846 954c 9b55 fdc6 4fe9 aa1b e00b 07a5
1237 |_SHA-1: 52e5 d289 86c4 a99b e071 c215 1eb4 8243 85db 3b76
1238 Device type: general purpose|WAP
1239 Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
1240 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1241 Scanning ip 156.154.130.100 (ns1.netnames.net):
1242 53/tcp open tcpwrapped syn-ack ttl 56
1243 | dns-nsid:
1244 |_ bind.version: UltraDNS Resolver
1245 Scanning ip 87.247.240.207 (www.crayford.com.):
1246 21/tcp open ftp syn-ack ttl 50 ProFTPD
1247 |_ssl-date: TLS randomness does not represent time
1248 | tls-nextprotoneg:
1249 |_ ftp
1250 22/tcp open ssh syn-ack ttl 50 OpenSSH 7.4 (protocol 2.0)
1251 | ssh-hostkey:
1252 | 2048 62:d0:26:90:1b:66:9c:07:62:9e:60:9c:f4:1b:5a:09 (RSA)
1253 | 256 4e:1b:6f:56:d6:bd:27:c1:54:7d:4f:e6:cf:0f:96:b0 (ECDSA)
1254 |_ 256 74:84:9e:2e:fd:06:f5:47:2a:65:1e:36:59:23:95:30 (ED25519)
1255 80/tcp open http syn-ack ttl 50 Apache httpd
1256 | http-methods:
1257 |_ Supported Methods: HEAD GET POST OPTIONS
1258 |_http-server-header: Apache
1259 |_http-title: Site doesn't have a title (text/html).
1260 110/tcp open pop3 syn-ack ttl 50 Dovecot pop3d
1261 |_pop3-capabilities: AUTH-RESP-CODE SASL(PLAIN LOGIN) STLS TOP PIPELINING RESP-CODES UIDL CAPA USER
1262 |_ssl-date: TLS randomness does not represent time
1263 143/tcp open imap syn-ack ttl 50 Dovecot imapd
1264 |_imap-capabilities: AUTH=PLAIN OK more ENABLE have IDLE IMAP4rev1 AUTH=LOGINA0001 STARTTLS capabilities ID LOGIN-REFERRALS Pre-login LITERAL+ NAMESPACE post-login SASL-IR listed
1265 |_ssl-date: TLS randomness does not represent time
1266 443/tcp open ssl/http syn-ack ttl 50 Apache httpd
1267 |_hnap-info: ERROR: Script execution failed (use -d to debug)
1268 |_http-auth: ERROR: Script execution failed (use -d to debug)
1269 |_http-cookie-flags: ERROR: Script execution failed (use -d to debug)
1270 |_http-favicon: ERROR: Script execution failed (use -d to debug)
1271 |_http-ls: ERROR: Script execution failed (use -d to debug)
1272 | http-methods:
1273 |_ Supported Methods: GET HEAD POST OPTIONS
1274 |_http-ntlm-info: ERROR: Script execution failed (use -d to debug)
1275 | http-robots.txt: 2 disallowed entries
1276 |_/inc/ /edit/
1277 |_http-server-header: Apache
1278 |_http-title: ERROR: Script execution failed (use -d to debug)
1279 | ssl-cert: Subject: commonName=crayford.com
1280 | Subject Alternative Name: DNS:crayford.com, DNS:www.crayford.com
1281 | Issuer: commonName=Starfield Secure Certificate Authority - G2/organizationName=Starfield Technologies, Inc./stateOrProvinceName=Arizona/countryName=US
1282 | Public Key type: rsa
1283 | Public Key bits: 2048
1284 | Signature Algorithm: sha256WithRSAEncryption
1285 | Not valid before: 2019-06-10T08:58:15
1286 | Not valid after: 2020-06-12T12:27:03
1287 | MD5: abb0 0316 22e1 a0df 5420 5da0 04a3 478f
1288 |_SHA-1: 1a0e 096d 97f6 9fc8 6ae2 475a 3b4c 1e9b 730c fb88
1289 |_ssl-date: TLS randomness does not represent time
1290 | tls-alpn:
1291 |_ http/1.1
1292 465/tcp open ssl/smtp syn-ack ttl 50 Exim smtpd 4.92
1293 |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
1294 | ssl-cert: Subject: commonName=*.servers.prgn.misp.co.uk
1295 | Subject Alternative Name: DNS:*.servers.prgn.misp.co.uk, DNS:servers.prgn.misp.co.uk
1296 | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US
1297 | Public Key type: rsa
1298 | Public Key bits: 2048
1299 | Signature Algorithm: sha256WithRSAEncryption
1300 | Not valid before: 2019-10-02T15:40:52
1301 | Not valid after: 2021-10-02T15:40:52
1302 | MD5: df58 b7e8 51a3 a420 8cbb efbf 0a27 68c2
1303 |_SHA-1: 08e0 0f3b 0647 02ca 1fe3 7109 4198 9c36 41be 2f58
1304 |_ssl-date: TLS randomness does not represent time
1305 587/tcp open smtp syn-ack ttl 50 Exim smtpd 4.92
1306 | smtp-commands: crayford.servers.prgn.misp.co.uk Hello nmap.scanme.org [104.245.145.188], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
1307 |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
1308 | ssl-cert: Subject: commonName=*.servers.prgn.misp.co.uk
1309 | Subject Alternative Name: DNS:*.servers.prgn.misp.co.uk, DNS:servers.prgn.misp.co.uk
1310 | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US
1311 | Public Key type: rsa
1312 | Public Key bits: 2048
1313 | Signature Algorithm: sha256WithRSAEncryption
1314 | Not valid before: 2019-10-02T15:40:52
1315 | Not valid after: 2021-10-02T15:40:52
1316 | MD5: df58 b7e8 51a3 a420 8cbb efbf 0a27 68c2
1317 |_SHA-1: 08e0 0f3b 0647 02ca 1fe3 7109 4198 9c36 41be 2f58
1318 |_ssl-date: TLS randomness does not represent time
1319 993/tcp open ssl/imaps? syn-ack ttl 50
1320 |_ssl-date: TLS randomness does not represent time
1321 995/tcp open ssl/pop3s? syn-ack ttl 50
1322 |_ssl-date: TLS randomness does not represent time
1323 OS Info: Service Info: Host: crayford.servers.prgn.misp.co.uk
1324 Scanning ip 172.217.218.27 (alt4.aspmx.l.google.com):
1325 Scanning ip 172.253.120.27 (alt3.aspmx.l.google.com):
1326 Scanning ip 129.41.78.93 ():
1327 Scanning ip 40.92.0.0 ():
1328 Scanning ip 64.18.0.0 ():
1329 Scanning ip 31.222.51.0 ():
1330 Scanning ip 195.217.141.134 ():
1331 Scanning ip 31.222.50.0 ():
1332 Scanning ip 195.217.141.131 ():
1333 Scanning ip 195.217.141.132 ():
1334 Scanning ip 195.217.141.133 ():
1335 Scanning ip 104.47.9.36 (mail-ve1eur030036.inbound.protection.outlook.com (PTR)):
1336 Scanning ip 207.126.144.0 ():
1337 Scanning ip 64.85.1.8 (mail.crayford.com.):
1338 WebCrawling domain's web servers... up to 50 max links.
1339
1340 + URL to crawl: http://ftp.crayford.com.
1341 + Date: 2020-01-04
1342
1343 + Crawling URL: http://ftp.crayford.com.:
1344 + Links:
1345 + Crawling http://ftp.crayford.com. (400 Bad Request)
1346 + Searching for directories...
1347 + Searching open folders...
1348
1349
1350 + URL to crawl: https://ftp.crayford.com.
1351 + Date: 2020-01-04
1352
1353 + Crawling URL: https://ftp.crayford.com.:
1354 + Links:
1355 + Crawling https://ftp.crayford.com. ([Errno 104] Connection reset by peer)
1356 + Searching for directories...
1357 + Searching open folders...
1358
1359
1360 + URL to crawl: http://www.crayford.com.
1361 + Date: 2020-01-04
1362
1363 + Crawling URL: http://www.crayford.com.:
1364 + Links:
1365 + Crawling http://www.crayford.com. (timed out)
1366 + Searching for directories...
1367 + Searching open folders...
1368
1369
1370 + URL to crawl: https://www.crayford.com.
1371 + Date: 2020-01-04
1372
1373 + Crawling URL: https://www.crayford.com.:
1374 + Links:
1375 + Crawling https://www.crayford.com. (timed out)
1376 + Searching for directories...
1377 + Searching open folders...
1378
1379--Finished--
1380Summary information for domain crayford.com.
1381-----------------------------------------
1382
1383 Domain Ips Information:
1384 IP: 52.100.0.0
1385 Type: SPF
1386 Is Active: True (reset ttl 64)
1387 IP: 104.47.8.36
1388 HostName: crayford-com.mail.protection.outlook.com Type: MX
1389 HostName: mail-am5eur030036.inbound.protection.outlook.com Type: PTR
1390 Country: Netherlands
1391 Is Active: True (reset ttl 64)
1392 IP: 156.154.131.100
1393 HostName: ns2.netnames.net Type: NS
1394 HostName: indom20.indomco.net Type: PTR
1395 HostName: ns6.netnames.net Type: NS
 Country: United States
 Is Active: True (reset ttl 64)
 Port: 53/tcp open tcpwrapped syn-ack ttl 56
 Script Info: | dns-nsid:
 Script Info: |_ bind.version: UltraDNS Resolver
 IP: 40.107.0.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 64.233.186.26
 HostName: alt1.aspmx.l.google.com Type: MX
 HostName: cb-in-f26.1e100.net Type: PTR
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 104.47.0.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 209.85.202.26
 HostName: alt2.aspmx.l.google.com Type: MX
 HostName: dg-in-f26.1e100.net Type: PTR
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 74.125.148.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 31.222.55.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 209.85.201.26
 HostName: aspmx.l.google.com Type: MX
 HostName: qu-in-f26.1e100.net Type: PTR
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 208.85.48.109
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 191.235.166.165
 HostName: ftp.crayford.com. Type: A
 Country: Ireland
 Is Active: True (reset ttl 64)
 Port: 21/tcp open ftp syn-ack ttl 113 FileZilla ftpd
 Script Info: | ftp-syst:
 Script Info: |_ SYST: UNIX emulated by FileZilla
 Port: 80/tcp open http syn-ack ttl 113 Microsoft IIS httpd 8.5
 Script Info: | http-methods:
 Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
 Script Info: |_ Potentially risky methods: TRACE
 Script Info: |_http-server-header: Microsoft-IIS/8.5
 Script Info: |_http-title: IIS Windows Server
 Port: 443/tcp open ssl/http syn-ack ttl 111 Microsoft IIS httpd 8.5
 Script Info: | http-methods:
 Script Info: | Supported Methods: OPTIONS TRACE GET HEAD POST
 Script Info: |_ Potentially risky methods: TRACE
 Script Info: |_http-server-header: Microsoft-IIS/8.5
 Script Info: |_http-title: IIS Windows Server
 Script Info: | ssl-cert: Subject: commonName=*.eonichost.co.uk
 Script Info: | Subject Alternative Name: DNS:*.eonichost.co.uk, DNS:eonichost.co.uk
 Script Info: | Issuer: commonName=GlobalSign Domain Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2016-10-31T15:05:15
 Script Info: | Not valid after: 2018-12-28T16:53:43
 Script Info: | MD5: f846 954c 9b55 fdc6 4fe9 aa1b e00b 07a5
 Script Info: |_SHA-1: 52e5 d289 86c4 a99b e071 c215 1eb4 8243 85db 3b76
 Script Info: Device type: general purpose|WAP
 Script Info: Running (JUST GUESSING): Linux 2.6.X|2.4.X (90%), Microsoft Windows 2012 (85%)
 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
 IP: 156.154.130.100
 HostName: ns5.netnames.net Type: NS
 HostName: indom130.indomco.org Type: PTR
 HostName: ns1.netnames.net Type: NS
 Country: United States
 Is Active: True (reset ttl 64)
 Port: 53/tcp open tcpwrapped syn-ack ttl 56
 Script Info: | dns-nsid:
 Script Info: |_ bind.version: UltraDNS Resolver
 IP: 87.247.240.207
 HostName: www.crayford.com. Type: A
 Country: United Kingdom
 Is Active: True (reset ttl 64)
 Port: 21/tcp open ftp syn-ack ttl 50 ProFTPD
 Script Info: |_ssl-date: TLS randomness does not represent time
 Script Info: | tls-nextprotoneg:
 Script Info: |_ ftp
 Port: 22/tcp open ssh syn-ack ttl 50 OpenSSH 7.4 (protocol 2.0)
 Script Info: | ssh-hostkey:
 Script Info: | 2048 62:d0:26:90:1b:66:9c:07:62:9e:60:9c:f4:1b:5a:09 (RSA)
 Script Info: | 256 4e:1b:6f:56:d6:bd:27:c1:54:7d:4f:e6:cf:0f:96:b0 (ECDSA)
 Script Info: |_ 256 74:84:9e:2e:fd:06:f5:47:2a:65:1e:36:59:23:95:30 (ED25519)
 Port: 80/tcp open http syn-ack ttl 50 Apache httpd
 Script Info: | http-methods:
 Script Info: |_ Supported Methods: HEAD GET POST OPTIONS
 Script Info: |_http-server-header: Apache
 Script Info: |_http-title: Site doesn't have a title (text/html).
 Port: 110/tcp open pop3 syn-ack ttl 50 Dovecot pop3d
 Script Info: |_pop3-capabilities: AUTH-RESP-CODE SASL(PLAIN LOGIN) STLS TOP PIPELINING RESP-CODES UIDL CAPA USER
 Script Info: |_ssl-date: TLS randomness does not represent time
 Port: 143/tcp open imap syn-ack ttl 50 Dovecot imapd
 Script Info: |_imap-capabilities: AUTH=PLAIN OK more ENABLE have IDLE IMAP4rev1 AUTH=LOGINA0001 STARTTLS capabilities ID LOGIN-REFERRALS Pre-login LITERAL+ NAMESPACE post-login SASL-IR listed
 Script Info: |_ssl-date: TLS randomness does not represent time
 Port: 443/tcp open ssl/http syn-ack ttl 50 Apache httpd
 Script Info: |_hnap-info: ERROR: Script execution failed (use -d to debug)
 Script Info: |_http-auth: ERROR: Script execution failed (use -d to debug)
 Script Info: |_http-cookie-flags: ERROR: Script execution failed (use -d to debug)
 Script Info: |_http-favicon: ERROR: Script execution failed (use -d to debug)
 Script Info: |_http-ls: ERROR: Script execution failed (use -d to debug)
 Script Info: | http-methods:
 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
 Script Info: |_http-ntlm-info: ERROR: Script execution failed (use -d to debug)
 Script Info: | http-robots.txt: 2 disallowed entries
 Script Info: |_/inc/ /edit/
 Script Info: |_http-server-header: Apache
 Script Info: |_http-title: ERROR: Script execution failed (use -d to debug)
 Script Info: | ssl-cert: Subject: commonName=crayford.com
 Script Info: | Subject Alternative Name: DNS:crayford.com, DNS:www.crayford.com
 Script Info: | Issuer: commonName=Starfield Secure Certificate Authority - G2/organizationName=Starfield Technologies, Inc./stateOrProvinceName=Arizona/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-06-10T08:58:15
 Script Info: | Not valid after: 2020-06-12T12:27:03
 Script Info: | MD5: abb0 0316 22e1 a0df 5420 5da0 04a3 478f
 Script Info: |_SHA-1: 1a0e 096d 97f6 9fc8 6ae2 475a 3b4c 1e9b 730c fb88
 Script Info: |_ssl-date: TLS randomness does not represent time
 Script Info: | tls-alpn:
 Script Info: |_ http/1.1
 Port: 465/tcp open ssl/smtp syn-ack ttl 50 Exim smtpd 4.92
 Script Info: |_smtp-commands: SMTP EHLO nmap.scanme.org: failed to receive data: failed to receive data
 Script Info: | ssl-cert: Subject: commonName=*.servers.prgn.misp.co.uk
 Script Info: | Subject Alternative Name: DNS:*.servers.prgn.misp.co.uk, DNS:servers.prgn.misp.co.uk
 Script Info: | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-10-02T15:40:52
 Script Info: | Not valid after: 2021-10-02T15:40:52
 Script Info: | MD5: df58 b7e8 51a3 a420 8cbb efbf 0a27 68c2
 Script Info: |_SHA-1: 08e0 0f3b 0647 02ca 1fe3 7109 4198 9c36 41be 2f58
 Script Info: |_ssl-date: TLS randomness does not represent time
 Port: 587/tcp open smtp syn-ack ttl 50 Exim smtpd 4.92
 Script Info: | smtp-commands: crayford.servers.prgn.misp.co.uk Hello nmap.scanme.org [104.245.145.188], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
 Script Info: |_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
 Script Info: | ssl-cert: Subject: commonName=*.servers.prgn.misp.co.uk
 Script Info: | Subject Alternative Name: DNS:*.servers.prgn.misp.co.uk, DNS:servers.prgn.misp.co.uk
 Script Info: | Issuer: commonName=Go Daddy Secure Certificate Authority - G2/organizationName=GoDaddy.com, Inc./stateOrProvinceName=Arizona/countryName=US
 Script Info: | Public Key type: rsa
 Script Info: | Public Key bits: 2048
 Script Info: | Signature Algorithm: sha256WithRSAEncryption
 Script Info: | Not valid before: 2019-10-02T15:40:52
 Script Info: | Not valid after: 2021-10-02T15:40:52
 Script Info: | MD5: df58 b7e8 51a3 a420 8cbb efbf 0a27 68c2
 Script Info: |_SHA-1: 08e0 0f3b 0647 02ca 1fe3 7109 4198 9c36 41be 2f58
 Script Info: |_ssl-date: TLS randomness does not represent time
 Port: 993/tcp open ssl/imaps? syn-ack ttl 50
 Script Info: |_ssl-date: TLS randomness does not represent time
 Port: 995/tcp open ssl/pop3s? syn-ack ttl 50
 Script Info: |_ssl-date: TLS randomness does not represent time
 Os Info: Host: crayford.servers.prgn.misp.co.uk
 IP: 172.217.218.27
 HostName: alt4.aspmx.l.google.com Type: MX
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 172.253.120.27
 HostName: alt3.aspmx.l.google.com Type: MX
 Country: United States
 Is Active: True (reset ttl 64)
 IP: 129.41.78.93
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 40.92.0.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 64.18.0.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 31.222.51.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 195.217.141.134
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 31.222.50.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 195.217.141.131
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 195.217.141.132
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 195.217.141.133
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 104.47.9.36
 HostName: crayford-com.mail.protection.outlook.com Type: MX
 HostName: mail-ve1eur030036.inbound.protection.outlook.com Type: PTR
 Country: Austria
 Is Active: True (reset ttl 64)
 IP: 207.126.144.0
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 64.85.1.8
 HostName: mail.crayford.com. Type: A
 Country: United States
 Is Active: True (reset ttl 64)

--------------End Summary --------------
-----------------------------------------
####################################################################################################################################
traceroute to www.crayford.com (87.247.240.207), 30 hops max, 60 byte packets
 1 10.244.204.1 (10.244.204.1) 33.800 ms 64.363 ms 93.946 ms
 2 104.245.145.177 (104.245.145.177) 93.942 ms 93.928 ms 93.914 ms
 3 te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 93.931 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 93.924 ms 93.926 ms
 4 toro-b1-link.telia.net (62.115.168.48) 93.821 ms 93.807 ms 93.792 ms
 5 te0-9-1-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.169) 93.809 ms 93.793 ms te0-9-0-9.ccr32.yyz02.atlas.cogentco.com (154.54.43.153) 93.738 ms
 6 nyk-bb2-link.telia.net (62.115.113.86) 168.036 ms 116.686 ms *
 7 ldn-bb3-link.telia.net (62.115.113.21) 194.724 ms toro-b3-link.telia.net (62.115.116.180) 109.115 ms 139.879 ms
 8 nyk-bb2-link.telia.net (62.115.113.86) 194.686 ms * 194.684 ms
 9 ldn-bb3-link.telia.net (62.115.113.21) 194.651 ms 223.762 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78) 194.478 ms
10 ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1) 194.498 ms ldn-b5-link.telia.net (213.155.132.195) 194.532 ms 192.262 ms
11 ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78) 194.463 ms 87.230.114.202 (87.230.114.202) 194.558 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78) 194.418 ms
12 185.24.99.65 (185.24.99.65) 195.656 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1) 164.946 ms 185.24.99.65 (185.24.99.65) 172.493 ms
13 87.230.114.202 (87.230.114.202) 139.049 ms crayford.servers.prgn.misp.co.uk (87.247.240.207) 170.190 ms *
#####################################################################################################################################
----- crayford.com -----


Host's addresses:
__________________

crayford.com. 85830 IN A 87.247.240.207


Name Servers:
______________

ns5.netnames.net. 85359 IN A 156.154.130.100
ns6.netnames.net. 85359 IN A 156.154.131.100
ns1.netnames.net. 85359 IN A 156.154.130.100
ns2.netnames.net. 83099 IN A 156.154.131.100


Mail (MX) Servers:
___________________

alt3.aspmx.l.google.com. 293 IN A 172.253.120.26
alt4.aspmx.l.google.com. 293 IN A 172.217.218.26
alt2.aspmx.l.google.com. 293 IN A 209.85.202.26
alt1.aspmx.l.google.com. 293 IN A 64.233.186.26
aspmx.l.google.com. 293 IN A 173.194.208.26
crayford-com.mail.protection.outlook.com. 10 IN A 104.47.9.36
crayford-com.mail.protection.outlook.com. 10 IN A 104.47.10.36



Scraping crayford.com subdomains from Google:
______________________________________________


 ---- Google search page: 1 ----



Google Results:
________________

 perhaps Google is blocking our queries.
 Check manually.


Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

ftp.crayford.com. 85830 IN A 191.235.166.165
mail.crayford.com. 85826 IN A 64.85.1.8
stats.crayford.com. 86087 IN A 83.222.229.149
www.crayford.com. 85407 IN A 87.247.240.207


Launching Whois Queries:
_________________________

 whois ip result: 64.85.1.0 -> 64.85.0.0/21
 whois ip result: 83.222.229.0 -> 83.222.228.0/23
 whois ip result: 87.247.240.0 -> 87.247.240.0/21
 whois ip result: 191.235.166.0 -> 191.232.0.0/14


crayford.com____________

 83.222.228.0/23
 64.85.0.0/21
 87.247.240.0/21
 191.232.0.0/14

####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 02:34 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up (0.13s latency).
Not shown: 462 filtered ports, 4 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD
|_ssl-date: TLS randomness does not represent time
| tls-nextprotoneg:
|_ ftp
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-hostkey:
| 2048 62:d0:26:90:1b:66:9c:07:62:9e:60:9c:f4:1b:5a:09 (RSA)
| 256 4e:1b:6f:56:d6:bd:27:c1:54:7d:4f:e6:cf:0f:96:b0 (ECDSA)
|_ 256 74:84:9e:2e:fd:06:f5:47:2a:65:1e:36:59:23:95:30 (ED25519)
80/tcp open http Apache httpd
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
110/tcp open pop3 Dovecot pop3d
|_pop3-capabilities: USER RESP-CODES PIPELINING AUTH-RESP-CODE CAPA UIDL SASL(PLAIN LOGIN) TOP STLS
|_ssl-date: TLS randomness does not represent time
143/tcp open imap Dovecot imapd
|_imap-capabilities: LOGIN-REFERRALS IDLE AUTH=PLAIN LITERAL+ have NAMESPACE AUTH=LOGINA0001 listed more Pre-login ID OK IMAP4rev1 post-login capabilities SASL-IR ENABLE STARTTLS
|_ssl-date: TLS randomness does not represent time
443/tcp open ssl/http Apache httpd
|_http-favicon: ERROR: Script execution failed (use -d to debug)
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
|_http-trane-info: ERROR: Script execution failed (use -d to debug)
| ssl-cert: Subject: commonName=crayford.com
| Subject Alternative Name: DNS:crayford.com, DNS:www.crayford.com
| Not valid before: 2019-06-10T08:58:15
|_Not valid after: 2020-06-12T12:27:03
|_ssl-date: TLS randomness does not represent time
| tls-alpn:
|_ http/1.1
465/tcp open ssl/smtp Exim smtpd 4.92
| smtp-commands: crayford.servers.prgn.misp.co.uk Hello crayford.servers.prgn.misp.co.uk [104.245.145.188], SIZE 52428800, 8BITMIME, PIPELINING, AUTH PLAIN LOGIN, HELP,
|_ Commands supported: AUTH HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=*.servers.prgn.misp.co.uk
| Subject Alternative Name: DNS:*.servers.prgn.misp.co.uk, DNS:servers.prgn.misp.co.uk
| Not valid before: 2019-10-02T15:40:52
|_Not valid after: 2021-10-02T15:40:52
|_ssl-date: TLS randomness does not represent time
587/tcp open smtp Exim smtpd 4.92
| smtp-commands: crayford.servers.prgn.misp.co.uk Hello crayford.servers.prgn.misp.co.uk [104.245.145.188], SIZE 52428800, 8BITMIME, PIPELINING, STARTTLS, HELP,
|_ Commands supported: AUTH STARTTLS HELO EHLO MAIL RCPT DATA BDAT NOOP QUIT RSET HELP
| ssl-cert: Subject: commonName=*.servers.prgn.misp.co.uk
| Subject Alternative Name: DNS:*.servers.prgn.misp.co.uk, DNS:servers.prgn.misp.co.uk
| Not valid before: 2019-10-02T15:40:52
|_Not valid after: 2021-10-02T15:40:52
|_ssl-date: TLS randomness does not represent time
993/tcp open ssl/imaps?
|_ssl-date: TLS randomness does not represent time
995/tcp open ssl/pop3s?
|_ssl-date: TLS randomness does not represent time
Aggressive OS guesses: Linux 3.7 (94%), Linux 3.10 - 3.12 (93%), Linux 4.4 (93%), Linux 2.6.32 (93%), Ubiquiti AirMax NanoStation WAP (Linux 2.6.32) (93%), Ubiquiti AirOS 5.5.9 (93%), Linux 2.6.32 - 3.13 (93%), Ubiquiti Pico Station WAP (AirOS 5.2.6) (93%), Linux 2.6.39 (92%), Linux 3.4 (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 107.81 ms 10.244.204.1
2 137.70 ms 104.245.145.177
3 137.79 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 137.75 ms toro-b1-link.telia.net (62.115.168.48)
5 137.79 ms toro-b3-link.telia.net (62.115.116.180)
6 137.78 ms toro-b1-link.telia.net (62.115.168.48)
7 221.51 ms ldn-bb3-link.telia.net (62.115.113.21)
8 191.67 ms ldn-b5-link.telia.net (213.155.132.195)
9 221.49 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 137.91 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1)
11 140.17 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
12 196.13 ms 185.24.99.65
13 161.09 ms crayford.servers.prgn.misp.co.uk (87.247.240.207)
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 02:38 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up (0.093s latency).
Not shown: 14 filtered ports, 3 closed ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE VERSION
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: phone|broadband router|storage-misc|WAP|general purpose
Running: Google Android 5.X, Linksys embedded, Linux 2.4.X|2.6.X, TP-LINK embedded
OS CPE: cpe:/o:google:android:5.0.1 cpe:/h:linksys:wrv200 cpe:/h:linksys:nas200 cpe:/o:linux:linux_kernel:2.4.36 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:tp-link:tl-wa801nd
OS details: Android 5.0.1, Linksys WRV200 wireless broadband router, Linksys NAS200 NAS device, DD-WRT v24-sp2 (Linux 2.4.36), Linux 2.6.22 (Kubuntu, x86), Linux 2.6.25 (openSUSE 11.0), Linux 2.6.32, TP-LINK TL-WA801ND WAP (Linux 2.6.36)
Network Distance: 15 hops

TRACEROUTE (using port 138/udp)
HOP RTT ADDRESS
1 ... 5
6 29.68 ms 10.244.204.1
7 ... 8
9 29.99 ms 10.244.204.1
10 90.75 ms 10.244.204.1
11 90.75 ms 10.244.204.1
12 90.76 ms 10.244.204.1
13 90.75 ms 10.244.204.1
14 60.92 ms 10.244.204.1
15 30.97 ms 10.244.204.1
16 ... 18
19 29.85 ms 10.244.204.1
20 30.28 ms 10.244.204.1
21 ... 28
29 29.50 ms 10.244.204.1
30 29.74 ms 10.244.204.1
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 02:42 EST
NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up (0.14s latency).

PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD
| ftp-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 3487 guesses in 180 seconds, average tps: 19.4
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.10 - 3.12 (99%), Linux 4.4 (99%), Linux 3.18 (99%), Linux 2.6.32 (98%), Linux 2.6.35 (98%), Linux 2.6.39 (98%), Linux 3.10 (98%), Linux 3.4 (98%), Linux 3.5 (98%), Linux 3.7 (98%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops

TRACEROUTE (using port 21/tcp)
HOP RTT ADDRESS
1 79.88 ms 10.244.204.1
2 79.93 ms 104.245.145.177
3 79.94 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 79.97 ms toro-b1-link.telia.net (62.115.168.48)
5 80.01 ms toro-b3-link.telia.net (62.115.116.180)
6 150.93 ms nyk-bb2-link.telia.net (62.115.113.86)
7 70.47 ms toro-b3-link.telia.net (62.115.116.180)
8 150.92 ms nyk-bb2-link.telia.net (62.115.113.86)
9 131.43 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 131.41 ms ldn-b5-link.telia.net (213.155.132.195)
11 161.18 ms 87.230.114.202
12 131.47 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1)
13 161.23 ms 87.230.114.202
14 131.50 ms crayford.servers.prgn.misp.co.uk (87.247.240.207)
####################################################################################################################################
# general
(gen) banner: SSH-2.0-OpenSSH_7.4
(gen) software: OpenSSH 7.4
(gen) compatibility: OpenSSH 7.3+ (some functionality from 6.6), Dropbear SSH 2016.73+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com)

# key exchange algorithms
(kex) curve25519-sha256 -- [warn] unknown algorithm
(kex) curve25519-sha256@libssh.org -- [info] available since OpenSSH 6.5, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp384 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) ecdh-sha2-nistp521 -- [fail] using weak elliptic curves
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
 `- [info] available since OpenSSH 4.4
(kex) diffie-hellman-group16-sha512 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group18-sha512 -- [info] available since OpenSSH 7.3
(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0
(kex) diffie-hellman-group14-sha256 -- [info] available since OpenSSH 7.3, Dropbear SSH 2016.73
(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
 `- [warn] using small 1024-bit modulus
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28

# host-key algorithms
(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
(key) rsa-sha2-512 -- [info] available since OpenSSH 7.2
(key) rsa-sha2-256 -- [info] available since OpenSSH 7.2
(key) ecdsa-sha2-nistp256 -- [fail] using weak elliptic curves
 `- [warn] using weak random number generator could reveal the key
 `- [info] available since OpenSSH 5.7, Dropbear SSH 2013.62
(key) ssh-ed25519 -- [info] available since OpenSSH 6.5

# encryption algorithms (ciphers)
(enc) chacha20-poly1305@openssh.com -- [info] available since OpenSSH 6.5
 `- [info] default cipher since OpenSSH 6.9.
(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes192-ctr -- [info] available since OpenSSH 3.7
(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
(enc) aes128-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes256-gcm@openssh.com -- [info] available since OpenSSH 6.2
(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0
(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher mode
 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [fail] disabled since Dropbear SSH 0.53
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 2.1.0
(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
 `- [warn] using weak cipher
 `- [warn] using weak cipher mode
 `- [warn] using small 64-bit block size
 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28

# message authentication code algorithms
(mac) umac-64-etm@openssh.com -- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 6.2
(mac) umac-128-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha2-512-etm@openssh.com -- [info] available since OpenSSH 6.2
(mac) hmac-sha1-etm@openssh.com -- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 6.2
(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [warn] using small 64-bit tag size
 `- [info] available since OpenSSH 4.7
(mac) umac-128@openssh.com -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 6.2
(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
 `- [warn] using weak hashing algorithm
 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28

# algorithm recommendations (for OpenSSH 7.4)
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha256 -- kex algorithm to remove
(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -blowfish-cbc -- enc algorithm to remove
(rec) -3des-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -cast128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
(rec) -umac-128@openssh.com -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -umac-64@openssh.com -- mac algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha1-etm@openssh.com -- mac algorithm to remove
(rec) -umac-64-etm@openssh.com -- mac algorithm to remove
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 02:46 EST
NSE: [ssh-run] Failed to specify credentials and command to run.
NSE: [ssh-brute] Trying username/password pair: root:root
NSE: [ssh-brute] Trying username/password pair: admin:admin
NSE: [ssh-brute] Trying username/password pair: administrator:administrator
NSE: [ssh-brute] Trying username/password pair: webadmin:webadmin
NSE: [ssh-brute] Trying username/password pair: sysadmin:sysadmin
NSE: [ssh-brute] Trying username/password pair: netadmin:netadmin
NSE: [ssh-brute] Trying username/password pair: guest:guest
NSE: [ssh-brute] Trying username/password pair: user:user
NSE: [ssh-brute] Trying username/password pair: web:web
NSE: [ssh-brute] Trying username/password pair: test:test
NSE: [ssh-brute] Trying username/password pair: root:
NSE: [ssh-brute] Trying username/password pair: admin:
NSE: [ssh-brute] Trying username/password pair: administrator:
NSE: [ssh-brute] Trying username/password pair: webadmin:
NSE: [ssh-brute] Trying username/password pair: sysadmin:
NSE: [ssh-brute] Trying username/password pair: netadmin:
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up (0.15s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password
| ssh-hostkey:
| 2048 62:d0:26:90:1b:66:9c:07:62:9e:60:9c:f4:1b:5a:09 (RSA)
| 256 4e:1b:6f:56:d6:bd:27:c1:54:7d:4f:e6:cf:0f:96:b0 (ECDSA)
|_ 256 74:84:9e:2e:fd:06:f5:47:2a:65:1e:36:59:23:95:30 (ED25519)
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 3.18 (98%), Linux 2.6.32 (97%), Linux 3.10 (97%), Linux 3.4 (97%), Linux 3.5 (97%), Linux 3.7 (97%), Synology DiskStation Manager 5.1 (97%), Linux 3.1 - 3.2 (97%), Linux 3.10 - 3.12 (97%), Linux 4.4 (97%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 13 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 76.10 ms 10.244.204.1
2 76.15 ms 104.245.145.177
3 76.19 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 76.30 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
5 76.21 ms toro-b3-link.telia.net (62.115.116.180)
6 76.19 ms toro-b1-link.telia.net (62.115.168.48)
7 76.24 ms toro-b3-link.telia.net (62.115.116.180)
8 138.04 ms ldn-b5-link.telia.net (213.155.132.195)
9 138.07 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 138.09 ms ldn-b5-link.telia.net (213.155.132.195)
11 146.84 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
12 ...
13 146.82 ms crayford.servers.prgn.misp.co.uk (87.247.240.207)
#####################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => 87.247.240.207
RHOST => 87.247.240.207
[*] 87.247.240.207:22 - SSH - Using malformed packet technique
[*] 87.247.240.207:22 - SSH - Starting scan
[-] 87.247.240.207:22 - SSH - User 'admin' on could not connect
[-] 87.247.240.207:22 - SSH - User 'administrator' on could not connect
[-] 87.247.240.207:22 - SSH - User 'anonymous' on could not connect
[-] 87.247.240.207:22 - SSH - User 'backup' on could not connect
[-] 87.247.240.207:22 - SSH - User 'bee' on could not connect
[-] 87.247.240.207:22 - SSH - User 'ftp' on could not connect
[-] 87.247.240.207:22 - SSH - User 'guest' on could not connect
[-] 87.247.240.207:22 - SSH - User 'GUEST' on could not connect
[-] 87.247.240.207:22 - SSH - User 'info' on could not connect
[-] 87.247.240.207:22 - SSH - User 'mail' on could not connect
[-] 87.247.240.207:22 - SSH - User 'mailadmin' on could not connect
[-] 87.247.240.207:22 - SSH - User 'msfadmin' on could not connect
[-] 87.247.240.207:22 - SSH - User 'mysql' on could not connect
[-] 87.247.240.207:22 - SSH - User 'nobody' on could not connect
[-] 87.247.240.207:22 - SSH - User 'oracle' on could not connect
[-] 87.247.240.207:22 - SSH - User 'owaspbwa' on could not connect
[-] 87.247.240.207:22 - SSH - User 'postfix' on could not connect
[-] 87.247.240.207:22 - SSH - User 'postgres' on could not connect
[-] 87.247.240.207:22 - SSH - User 'private' on could not connect
[-] 87.247.240.207:22 - SSH - User 'proftpd' on could not connect
[-] 87.247.240.207:22 - SSH - User 'public' on could not connect
[-] 87.247.240.207:22 - SSH - User 'root' on could not connect
[-] 87.247.240.207:22 - SSH - User 'superadmin' on could not connect
[-] 87.247.240.207:22 - SSH - User 'support' on could not connect
[-] 87.247.240.207:22 - SSH - User 'sys' on could not connect
[-] 87.247.240.207:22 - SSH - User 'system' on could not connect
[-] 87.247.240.207:22 - SSH - User 'systemadmin' on could not connect
[-] 87.247.240.207:22 - SSH - User 'systemadministrator' on could not connect
[-] 87.247.240.207:22 - SSH - User 'test' on could not connect
[-] 87.247.240.207:22 - SSH - User 'tomcat' on could not connect
[-] 87.247.240.207:22 - SSH - User 'user' on could not connect
[-] 87.247.240.207:22 - SSH - User 'webmaster' on could not connect
[-] 87.247.240.207:22 - SSH - User 'www-data' on could not connect
[-] 87.247.240.207:22 - SSH - User 'Fortimanager_Access' on could not connect
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
2061#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 03:16 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up.

PORT STATE SERVICE VERSION
67/tcp filtered dhcps
67/udp open|filtered dhcps
|_dhcp-discover: ERROR: Script execution failed (use -d to debug)
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 60.11 ms 10.244.204.1
2 90.05 ms 104.245.145.177
3 90.12 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 90.11 ms toro-b1-link.telia.net (62.115.168.48)
5 90.15 ms toro-b3-link.telia.net (62.115.116.180)
6 113.56 ms nyk-bb2-link.telia.net (62.115.113.86)
7 150.13 ms ldn-bb3-link.telia.net (62.115.113.21)
8 150.12 ms ldn-b5-link.telia.net (213.155.132.195)
9 150.10 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 119.90 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1)
11 118.96 ms 87.230.114.202
12 147.96 ms 185.24.99.65
13 ... 30
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 03:18 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up.

PORT STATE SERVICE VERSION
68/tcp filtered dhcpc
68/udp open|filtered dhcpc
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 64.58 ms 10.244.204.1
2 93.69 ms 104.245.145.177
3 93.76 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 93.76 ms toro-b1-link.telia.net (62.115.168.48)
5 93.81 ms toro-b3-link.telia.net (62.115.116.180)
6 114.03 ms nyk-bb2-link.telia.net (62.115.113.86)
7 154.20 ms ldn-bb3-link.telia.net (62.115.113.21)
8 154.15 ms ldn-b5-link.telia.net (213.155.132.195)
9 154.21 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 124.51 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1)
11 115.53 ms 87.230.114.202
12 141.70 ms 185.24.99.65
13 ... 30
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 03:20 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up.

PORT STATE SERVICE VERSION
69/tcp filtered tftp
69/udp open|filtered tftp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 59.46 ms 10.244.204.1
2 89.19 ms 104.245.145.177
3 89.22 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 89.16 ms toro-b1-link.telia.net (62.115.168.48)
5 89.25 ms toro-b3-link.telia.net (62.115.116.180)
6 115.50 ms nyk-bb2-link.telia.net (62.115.113.86)
7 161.53 ms ldn-bb3-link.telia.net (62.115.113.21)
8 161.51 ms ldn-b5-link.telia.net (213.155.132.195)
9 161.54 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 161.53 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1)
11 130.51 ms 87.230.114.202
12 162.09 ms 185.24.99.65
13 ... 30
######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 03:25 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up.

PORT STATE SERVICE VERSION
110/tcp filtered pop3
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 59.79 ms 10.244.204.1
2 89.67 ms 104.245.145.177
3 89.74 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 89.74 ms toro-b1-link.telia.net (62.115.168.48)
5 89.78 ms toro-b3-link.telia.net (62.115.116.180)
6 115.64 ms nyk-bb2-link.telia.net (62.115.113.86)
7 161.81 ms ldn-bb3-link.telia.net (62.115.113.21)
8 161.80 ms ldn-b5-link.telia.net (213.155.132.195)
9 161.80 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 161.81 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1)
11 131.05 ms 87.230.114.202
12 179.16 ms 185.24.99.65
13 ... 30
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 03:26 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up.

PORT STATE SERVICE VERSION
123/tcp filtered ntp
123/udp open|filtered ntp
Too many fingerprints match this host to give specific OS details

TRACEROUTE (using proto 1/icmp)
HOP RTT ADDRESS
1 67.66 ms 10.244.204.1
2 107.10 ms 104.245.145.177
3 107.14 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 107.14 ms toro-b1-link.telia.net (62.115.168.48)
5 107.16 ms toro-b3-link.telia.net (62.115.116.180)
6 115.77 ms nyk-bb2-link.telia.net (62.115.113.86)
7 167.18 ms ldn-bb3-link.telia.net (62.115.113.21)
8 167.17 ms ldn-b5-link.telia.net (213.155.132.195)
9 167.20 ms ae0.cr-sargas.lon1.bb.godaddy.com (213.248.96.78)
10 136.94 ms ae0.cr-merak.lon5.bb.godaddy.com (87.230.113.1)
11 119.81 ms 87.230.114.202
12 122.97 ms 185.24.99.65
13 ... 30
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-04 03:33 EST
Nmap scan report for crayford.servers.prgn.misp.co.uk (87.247.240.207)
Host is up (0.30s latency).
Not shown: 985 filtered ports
PORT STATE SERVICE VERSION
20/tcp closed ftp-data
21/tcp open ftp ProFTPD
| vulscan: VulDB - https://vuldb.com:
| [138380] ProFTPD 1.3.5b mod_copy Code Execution
| [81624] ProFTPD up to 1.3.5a/1.3.6rc1 mod_tls mod_tls.c weak encryption
| [75436] ProFTPD 1.3.4e/1.3.5 mod_copy File privilege escalation
| [10259] ProFTPD 1.3.4/1.3.5 mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service
| [7244] ProFTPD up to 1.3.4 MKD/XMKD Command race condition
| [59589] ProFTPD up to 1.3.3 Use-After-Free memory corruption
| [4290] ProFTPD up to 1.3.3 mod_sftpd Big Payload denial of service
| [56304] ProFTPD up to 1.3.3 contrib/mod_sql.c) sql_prepare_where memory corruption
| [56042] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
| [56041] GNU C Library up to 2.12.2 proftpd.gnu.c denial of service
| [55410] ProFTPD 1.3.2/1.3.3 Telnet netio.c pr_netio_telnet_gets memory corruption
| [55403] ProFTPD 1.2.10/1.3.0/1.3.1/1.3.2/1.3.3 mod_site_misc Symlink directory traversal
| [55392] ProFTPD up to 1.3.2 pr_data_xfer denial of service
| [50631] ProFTPD 1.3.1/1.3.2/1.3.3 mod_tls unknown vulnerability
| [46500] ProFTPD 1.3.1 mod_sql_mysql sql injection
| [46499] ProFTPD 1.3.1/1.3.2/1.3.2 Rc2 mod_sql sql injection
| [44191] ProFTPD 1.3.1 FTP Command cross site request forgery
| [36309] ProFTPD 1.3.0 Rc1 mod_sql Plaintext unknown vulnerability
| [2747] ProFTPD 1.3.0/1.3.0a mod_ctrls pr_ctrls_recv_request memory corruption
| [33495] ProFTPD 1.3.0a Configuration File affected denial of service
| [2711] ProFTPD 1.3.0a mod_tls tls_x509_name_oneline memory corruption
| [2705] ProFTPD 1.3.0 main.c CommandBufferSize denial of service
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
| [CVE-2007-2165] The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
| [CVE-2005-0484] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
| [CVE-2004-1602] ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0432] ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
| [CVE-2004-0346] Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
| [CVE-2003-0831] ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
| [CVE-2003-0500] SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
| [CVE-2001-1501] The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
| [CVE-2001-1500] ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
| [CVE-2001-0456] postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
| [CVE-2001-0318] Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
| [CVE-2001-0136] Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
| [CVE-2001-0027] mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
| [CVE-2000-0574] FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
| [CVE-1999-1475] ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
| [CVE-1999-0911] Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
| [CVE-1999-0368] Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [97409] ProFTPD CVE-2017-7418 Local Security Bypass Vulnerability
| [89750] ProFTPD CVE-2001-1501 Denial-Of-Service Vulnerability
| [88575] ProFTPD CVE-2001-0027 Denial-Of-Service Vulnerability
| [84378] Proftpd CVE-2008-7265 Denial-Of-Service Vulnerability
| [84329] ProFTPD Out Of Bounds Multiple Memory Corruption Vulnerabilities
| [84327] ProFTPD CVE-2016-3125 Diffie Hellman Key Exchange Security Bypass Vulnerability
| [82756] ProFTPD CVE-2003-0500 SQL-Injection Vulnerability
| [82433] GProFTPD CVE-2005-0484 Remote Security Vulnerability
| [77684] ProFTPD Heap Buffer Overflow and Denial of Service Vulnerabilities
| [74238] ProFTPD CVE-2015-3306 Information Disclosure Vulnerabilities
| [62328] ProFTPD 'mod_sftp_pam' Remote Denial of Service Vulnerability
| [57172] ProFTPD Race Condition Local Privilege Escalation Vulnerability
| [50631] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
| [46183] ProFTPD 'mod_sftp' Module Integer Overflow Vulnerability
| [45150] ProFTPD Backdoor Unauthorized Access Vulnerability
| [44933] ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
| [44562] ProFTPD Multiple Remote Vulnerabilities
| [36804] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
| [33722] ProFTPD 'mod_sql' Username SQL Injection Vulnerability
| [33650] ProFTPD Character Encoding SQL Injection Vulnerability
| [23546] ProFTPD AUTH Multiple Authentication Module Security Bypass Vulnerability
| [21587] ProFTPD Controls Module Local Buffer Overflow Vulnerability
| [21326] ProFTPD MOD_TLS Remote Buffer Overflow Vulnerability
| [20992] ProFTPD SReplace Remote Buffer Overflow Vulnerability
| [16535] ProFTPD Mod_Radius Buffer Overflow Vulnerability
| [14381] ProFTPD Shutdown Message Format String Vulnerability
| [14380] ProFTPD SQLShowInfo SQL Output Format String Vulnerability
| [12588] GProFTPD GProstats Remote Format String Vulnerability
| [11430] ProFTPD Authentication Delay Username Enumeration Vulnerability
| [10252] ProFTPD CIDR Access Control Rule Bypass Vulnerability
| [9782] ProFTPD _xlate_ascii_write() Buffer Overrun Vulnerability
| [8679] ProFTPD ASCII File Transfer Buffer Overrun Vulnerability
| [7974] ProFTPD SQL Injection mod_sql Vulnerability
| [6781] ProFTPD 1.2.0rc2 log_pri() Format String Vulnerability
| [6341] ProFTPD STAT Command Denial Of Service Vulnerability
| [3310] ProFTPD Client Hostname Resolving Vulnerability
| [2366] ProFTPD USER Remote Denial of Service Vulnerability
| [2185] ProFTPD SIZE Remote Denial of Service Vulnerability
| [812] ProFTPD mod_sqlpw Vulnerability
| [650] ProFTPD snprintf Vulnerability
| [612] ProFTPD Remote Buffer Overflow
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [80980] ProFTPD FTP commands symlink
| [71226] ProFTPD pool code execution
| [65207] ProFTPD mod_sftp module denial of service
| [64495] ProFTPD sql_prepare_where() buffer overflow
| [63658] ProFTPD FTP server backdoor
| [63407] mod_sql module for ProFTPD buffer overflow
| [63155] ProFTPD pr_data_xfer denial of service
| [62909] ProFTPD mod_site_misc directory traversal
| [62908] ProFTPD pr_netio_telnet_gets() buffer overflow
| [53936] ProFTPD mod_tls SSL certificate security bypass
| [48951] ProFTPD mod_sql username percent SQL injection
| [48558] ProFTPD NLS support SQL injection protection bypass
| [45274] ProFTPD URL cross-site request forgery
| [33733] ProFTPD Auth API security bypass
| [31461] ProFTPD mod_radius buffer overflow
| [30906] ProFTPD Controls (mod_ctrls) module buffer overflow
| [30554] ProFTPD mod_tls module tls_x509_name_oneline() buffer overflow
| [30147] ProFTPD sreplace() buffer overflow
| [21530] ProFTPD mod_sql format string attack
| [21528] ProFTPD shutdown message format string attack
| [19410] GProFTPD file name format string attack
| [18453] ProFTPD SITE CHGRP command allows group ownership modification
| [17724] ProFTPD could allow an attacker to obtain valid accounts
| [16038] ProFTPD CIDR entry ACL bypass
| [15387] ProFTPD off-by-one _xlate_ascii_write function buffer overflow
| [12369] ProFTPD mod_sql SQL injection
| [12200] ProFTPD ASCII file newline buffer overflow
| [10932] ProFTPD long PASS command buffer overflow
| [8332] ProFTPD mod_sqlpw stores passwords in the wtmp log file
| [7818] ProFTPD ls "
| [7816] ProFTPD file globbing denial of service
| [7126] ProFTPD fails to resolve hostnames
| [6433] ProFTPD format string
| [6209] proFTPD /var symlink
| [6208] ProFTPD contains configuration error in postinst script when running as root
| [5801] proftpd memory leak when using SIZE or USER commands
| [5737] ProFTPD system using mod_sqlpw unauthorized access
|
| Exploit-DB - https://www.exploit-db.com:
| [23170] ProFTPD 1.2.7/1.2.8 ASCII File Transfer Buffer Overrun Vulnerability
| [22079] ProFTPD 1.2.x STAT Command Denial of Service Vulnerability
| [20690] wu-ftpd 2.4/2.5/2.6,Trolltech ftpd 1.2,ProFTPD 1.2,BeroFTPD 1.3.4 FTP glob Expansion Vulnerability
| [20536] ProFTPD 1.2 SIZE Remote Denial of Service Vulnerability
| [19503] ProFTPD 1.2 pre6 snprintf Vulnerability
| [19476] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (2)
| [19475] ProFTPD 1.2 pre1/pre2/pre3/pre4/pre5 Remote Buffer Overflow (1)
| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
| [18181] FreeBSD ftpd and ProFTPd on FreeBSD Remote r00t Exploit
| [16921] ProFTPD-1.3.3c Backdoor Command Execution
| [16878] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)
| [16852] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux)
| [16851] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (Linux)
| [16129] ProFTPD mod_sftp Integer Overflow DoS PoC
| [15662] ProFTPD 1.3.3c compromised source remote root Trojan
| [15449] ProFTPD IAC Remote Root Exploit
| [10044] ProFTPd 1.3.0 mod_ctrls Local Stack Overflow (opensuse)
| [8037] ProFTPd with mod_mysql Authentication Bypass Vulnerability
| [4312] ProFTPD 1.x (module mod_tls) Remote Buffer Overflow Exploit
| [3730] ProFTPD 1.3.0/1.3.0a (mod_ctrls) Local Overflow Exploit (exec-shield)
| [3333] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit 2
| [3330] ProFTPD 1.3.0/1.3.0a (mod_ctrls support) Local Buffer Overflow Exploit
| [3021] ProFTPD <= 1.2.9 rc2 (ASCII File) Remote Root Exploit
| [2928] ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
| [2856] ProFTPD 1.3.0 (sreplace) Remote Stack Overflow Exploit (meta)
| [581] ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
| [394] ProFTPd Local pr_ctrls_connect Vulnerability - ftpdctl
| [244] ProFTPD <= 1.2.0pre10 Remote Denial of Service Exploit
| [241] ProFTPD 1.2.0 (rc2) - memory leakage example Exploit
| [110] ProFTPD 1.2.7 - 1.2.9rc2 Remote Root & brute-force Exploit
| [107] ProFTPD 1.2.9rc2 ASCII File Remote Root Exploit
| [43] ProFTPD 1.2.9RC1 (mod_sql) Remote SQL Injection Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [900815] ProFTPD Server Remote Version Detection
| [900507] ProFTPD Server SQL Injection Vulnerability
| [900506] ProFTPD Server Version Detection
| [900133] ProFTPD Long Command Handling Security Vulnerability
| [863897] Fedora Update for proftpd FEDORA-2011-15765
| [863633] Fedora Update for proftpd FEDORA-2011-15741
| [863630] Fedora Update for proftpd FEDORA-2011-15740
| [862999] Fedora Update for proftpd FEDORA-2011-5040
| [862992] Fedora Update for proftpd FEDORA-2011-5033
| [862829] Fedora Update for proftpd FEDORA-2011-0613
| [862828] Fedora Update for proftpd FEDORA-2011-0610
| [862658] Fedora Update for proftpd FEDORA-2010-17091
| [862546] Fedora Update for proftpd FEDORA-2010-17220
| [862544] Fedora Update for proftpd FEDORA-2010-17098
| [861120] Fedora Update for proftpd FEDORA-2007-2613
| [831503] Mandriva Update for proftpd MDVSA-2011:181 (proftpd)
| [831323] Mandriva Update for proftpd MDVSA-2011:023 (proftpd)
| [831242] Mandriva Update for proftpd MDVSA-2010:227 (proftpd)
| [830311] Mandriva Update for proftpd MDKSA-2007:130 (proftpd)
| [830197] Mandriva Update for proftpd MDKA-2007:089 (proftpd)
| [801640] ProFTPD Denial of Service Vulnerability
| [801639] ProFTPD Multiple Remote Vulnerabilities
| [103331] ProFTPD Prior To 1.3.3g Use-After-Free Remote Code Execution Vulnerability
| [100933] ProFTPD Backdoor Unauthorized Access Vulnerability
| [100316] ProFTPD mod_tls Module NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
| [71967] Slackware Advisory SSA:2012-041-04 proftpd
| [70586] FreeBSD Ports: proftpd, proftpd-mysql
| [70560] Debian Security Advisory DSA 2346-2 (proftpd-dfsg)
| [70559] Debian Security Advisory DSA 2346-1 (proftpd-dfsg)
| [69584] Slackware Advisory SSA:2011-095-01 proftpd
| [69327] Debian Security Advisory DSA 2191-1 (proftpd-dfsg)
| [69322] Debian Security Advisory DSA 2185-1 (proftpd-dfsg)
| [68801] Slackware Advisory SSA:2010-357-02 proftpd
| [68702] FreeBSD Ports: proftpd
| [68697] FreeBSD Ports: proftpd
| [68466] Slackware Advisory SSA:2010-305-03 proftpd
| [66585] Fedora Core 11 FEDORA-2009-13236 (proftpd)
| [66583] Fedora Core 12 FEDORA-2009-13250 (proftpd)
| [66291] Fedora Core 10 FEDORA-2009-11666 (proftpd)
| [66290] Fedora Core 11 FEDORA-2009-11649 (proftpd)
| [66205] Debian Security Advisory DSA 1925-1 (proftpd-dfsg)
| [66091] Mandrake Security Advisory MDVSA-2009:288 (proftpd)
| [64966] Fedora Core 10 FEDORA-2009-9386 (proftpd)
| [63630] FreeBSD Ports: proftpd, proftpd-mysql
| [63573] Debian Security Advisory DSA 1727-1 (proftpd-dfsg)
| [63558] Gentoo Security Advisory GLSA 200903-27 (proftpd)
| [63497] Debian Security Advisory DSA 1730-1 (proftpd-dfsg)
| [63128] Fedora Core 8 FEDORA-2009-0195 (proftpd)
| [63119] Fedora Core 10 FEDORA-2009-0089 (proftpd)
| [63117] Fedora Core 9 FEDORA-2009-0064 (proftpd)
| [63061] Debian Security Advisory DSA 1689-1 (proftpd-dfsg)
| [61656] FreeBSD Ports: proftpd, proftpd-mysql
| [58019] Gentoo Security Advisory GLSA 200702-02 (proftpd)
| [57939] Gentoo Security Advisory GLSA 200611-26 (proftpd)
| [57786] Debian Security Advisory DSA 1245-1 (proftpd)
| [57725] FreeBSD Ports: proftpd, proftpd-mysql
| [57703] Slackware Advisory SSA:2006-335-02 proftpd
| [57686] Debian Security Advisory DSA 1222-2 (proftpd)
| [57683] Debian Security Advisory DSA 1222-1 (proftpd)
| [57592] Debian Security Advisory DSA 1218-1 (proftpd)
| [57576] FreeBSD Ports: proftpd, proftpd-mysql
| [55234] Debian Security Advisory DSA 795-2 (proftpd)
| [55007] Gentoo Security Advisory GLSA 200508-02 (proftpd)
| [54858] Gentoo Security Advisory GLSA 200502-26 (GProFTPD)
| [54569] Gentoo Security Advisory GLSA 200405-09 (proftpd)
| [54483] FreeBSD Ports: proftpd, proftpd-mysql
| [53882] Slackware Advisory SSA:2003-259-02 ProFTPD Security Advisory
| [53794] Debian Security Advisory DSA 032-1 (proftpd)
| [53791] Debian Security Advisory DSA 029-1 (proftpd)
| [52532] FreeBSD Ports: proftpd
| [52464] FreeBSD Ports: proftpd
| [15484] proftpd < 1.2.11 remote user enumeration
|
2450| SecurityTracker - https://www.securitytracker.com:
2451| [1028040] ProFTPD MKD/XMKD Race Condition Lets Local Users Gain Elevated Privileges
2452| [1026321] ProFTPD Use-After-Free Memory Error Lets Remote Authenticated Users Execute Arbitrary Code
2453| [1020945] ProFTPD Request Processing Bug Permits Cross-Site Request Forgery Attacks
2454| [1017931] ProFTPD Auth API State Error May Let Remote Users Access the System in Certain Cases
2455| [1017167] ProFTPD sreplace() Off-by-one Bug Lets Remote Users Execute Arbitrary Code
2456| [1012488] ProFTPD SITE CHGRP Command Lets Remote Authenticated Users Modify File/Directory Group Ownership
2457| [1011687] ProFTPd Login Timing Differences Disclose Valid User Account Names to Remote Users
2458| [1009997] ProFTPD Access Control Bug With CIDR Addresses May Let Remote Authenticated Users Access Files
2459| [1009297] ProFTPD _xlate_ascii_write() Off-By-One Buffer Overflows Let Remote Users Execute Arbitrary Code With Root Privileges
2460| [1007794] ProFTPD ASCII Mode File Upload Buffer Overflow Lets Certain Remote Users Execute Arbitrary Code
2461| [1007020] ProFTPD Input Validation Flaw When Authenticating Against Postgresql Using 'mod_sql' Lets Remote Users Gain Access
2462| [1003019] ProFTPD FTP Server May Allow Local Users to Execute Code on the Server
2463| [1002354] ProFTPD Reverse DNS Feature Fails to Check Forward-to-Reverse DNS Mappings
2464| [1002148] ProFTPD Site and Quote Commands May Allow Remote Users to Execute Arbitrary Commands on the Server
2465|
2466| OSVDB - http://www.osvdb.org:
2467| [89051] ProFTPD Multiple FTP Command Handling Symlink Arbitrary File Overwrite
2468| [77004] ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption
2469| [70868] ProFTPD mod_sftp Component SSH Payload DoS
2470| [70782] ProFTPD contrib/mod_sql.c sql_prepare_where Function Crafted Username Handling Remote Overflow
2471| [69562] ProFTPD on ftp.proftpd.org Compromised Source Packages Trojaned Distribution
2472| [69200] ProFTPD pr_data_xfer Function ABOR Command Remote DoS
2473| [68988] ProFTPD mod_site_misc Module Multiple Command Traversal Arbitrary File Manipulation
2474| [68985] ProFTPD netio.c pr_netio_telnet_gets Function TELNET_IAC Escape Sequence Remote Overflow
2475| [59292] ProFTPD mod_tls Module Certificate Authority (CA) subjectAltName Field Null Byte Handling SSL MiTM Weakness
2476| [57311] ProFTPD contrib/mod_ratio.c Multiple Unspecified Buffer Handling Issues
2477| [57310] ProFTPD Multiple Unspecified Overflows
2478| [57309] ProFTPD src/support.c Unspecified Buffer Handling Issue
2479| [57308] ProFTPD modules/mod_core.c Multiple Unspecified Overflows
2480| [57307] ProFTPD Multiple Modules Unspecified Overflows
2481| [57306] ProFTPD contrib/mod_pam.c Multiple Unspecified Buffer Handling Issues
2482| [57305] ProFTPD src/main.c Unspecified Overflow
2483| [57304] ProFTPD src/log.c Logfile Handling Unspecified Race Condition
2484| [57303] ProFTPD modules/mod_auth.c Unspecified Issue
2485| [51954] ProFTPD Server NLS Support mod_sql_* Encoded Multibyte Character SQL Injection Protection Bypass
2486| [51953] ProFTPD Server mod_sql username % Character Handling SQL Injection
2487| [51849] ProFTPD Character Encoding SQL Injection
2488| [51720] ProFTPD NLST Command Argument Handling Remote Overflow
2489| [51719] ProFTPD MKDIR Command Directory Name Handling Remote Overflow
2490| [48411] ProFTPD FTP Command Truncation CSRF
2491| [34602] ProFTPD Auth API Multiple Auth Module Authentication Bypass
2492| [31509] ProFTPD mod_ctrls Module pr_ctrls_recv_request Function Local Overflow
2493| [30719] mod_tls Module for ProFTPD tls_x509_name_oneline Function Remote Overflow
2494| [30660] ProFTPD CommandBufferSize Option cmd_loop() Function DoS
2495| [30267] ProFTPD src/support.c sreplace() Function Remote Overflow
2496| [23063] ProFTPD mod_radius Password Overflow DoS
2497| [20212] ProFTPD Host Reverse Resolution Failure ACL Bypass
2498| [18271] ProFTPD mod_sql SQLShowInfo Directive Format String
2499| [18270] ProFTPD ftpshut Shutdown Message Format String
2500| [14012] GProftpd gprostats Utility Log Parser Remote Format String
2501| [10769] ProFTPD File Transfer Newline Character Overflow
2502| [10768] ProFTPD STAT Command Remote DoS
2503| [10758] ProFTPD Login Timing Account Name Enumeration
2504| [10173] ProFTPD mod_sqlpw wtmp Authentication Credential Disclosure
2505| [9507] PostgreSQL Authentication Module (mod_sql) for ProFTPD USER Name Parameter SQL Injection
2506| [9163] ProFTPD MKDIR Directory Creation / Change Remote Overflow (palmetto)
2507| [7166] ProFTPD SIZE Command Memory Leak Remote DoS
2508| [7165] ProFTPD USER Command Memory Leak DoS
2509| [5744] ProFTPD CIDR IP Subnet ACL Bypass
2510| [5705] ProFTPD Malformed cwd Command Format String
2511| [5638] ProFTPD on Debian Linux postinst Installation Privilege Escalation
2512| [4134] ProFTPD in_xlate_ascii_write() Function RETR Command Remote Overflow
2513| [144] ProFTPD src/log.c log_xfer() Function Remote Overflow
2514|_
22/tcp open ssh OpenSSH 7.4 (protocol 2.0)
2516| vulscan: VulDB - https://vuldb.com:
2517| [130671] gsi-openssh-server 7.9p1 on Fedora /etc/gsissh/sshd_config weak authentication
2518| [130371] OpenSSH 7.9 scp Man-in-the-Middle directory traversal
2519| [130370] OpenSSH 7.9 Man-in-the-Middle spoofing
2520| [130369] OpenSSH 7.9 Encoding progressmeter.c refresh_progress_meter() spoofing
2521| [129007] OpenSSH 7.9 scp Client scp.c Filename privilege escalation
2522| [123343] OpenSSH up to 7.8 GSS2 auth-gss2.c information disclosure
2523| [123011] OpenSSH up to 7.7 auth2-gss.c Request information disclosure
2524| [112267] OpenSSH up to 7.3 sshd kex.c/packet.c NEWKEYS Message denial of service
2525| [108627] OpenSSH up to 7.5 Readonly Mode sftp-server.c process_open unknown vulnerability
2526| [94611] OpenSSH up to 7.3 Access Control privilege escalation
2527| [94610] OpenSSH up to 7.3 Shared Memory Manager privilege escalation
2528| [94608] OpenSSH up to 7.3 Unix-Domain Socket privilege escalation
2529| [94607] OpenSSH up to 7.3 Forwarded Agent Channel privilege escalation
2530| [90671] OpenSSH up to 7.2 auth-passwd.c auth_password denial of service
2531| [90405] OpenSSH up to 7.2p2 sshd information disclosure
2532| [90404] OpenSSH up to 7.2p2 sshd information disclosure
2533| [90403] OpenSSH up to 7.2p2 sshd CPU Exhaustion denial of service
2534| [89622] OpenSSH 7.2p2 Authentication Username information disclosure
2535| [81320] OpenSSH up to 7.2p1 X11 Authentication Credential xauth privilege escalation
2536| [80656] OpenBSD OpenSSH 7.1 X11 Forwarding privilege escalation
2537| [80330] OpenSSH up to 7.1p1 packet.c ssh_packet_read_poll2 memory corruption
2538|
2539| MITRE CVE - https://cve.mitre.org:
2540| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
2541| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
2542|
2543| SecurityFocus - https://www.securityfocus.com/bid/:
2544| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
2545| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
2546| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
2547| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
2548| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
2549| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
2550| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
2551| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
2552| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
2553| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
2554| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
2555| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
2556| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
2557| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
2558| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
2559| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
2560| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
2561| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
2562| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
2563| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
2564| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
2565| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
2566| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
2567| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
2568| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
2569| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
2570| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
2571| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
2572| [75990] OpenSSH Login Handling Security Bypass Weakness
2573| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
2574| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
2575| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
2576| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
2577| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
2578| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
2579| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
2580| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
2581| [61286] OpenSSH Remote Denial of Service Vulnerability
2582| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
2583| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
2584| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
2585| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
2586| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
2587| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
2588| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
2589| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
2590| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
2591| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
2592| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
2593| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
2594| [30794] Red Hat OpenSSH Backdoor Vulnerability
2595| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
2596| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
2597| [28531] OpenSSH ForceCommand Command Execution Weakness
2598| [28444] OpenSSH X Connections Session Hijacking Vulnerability
2599| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
2600| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
2601| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
2602| [20956] OpenSSH Privilege Separation Key Signature Weakness
2603| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
2604| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
2605| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
2606| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
2607| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
2608| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
2609| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
2610| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
2611| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
2612| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
2613| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
2614| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
2615| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
2616| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
2617| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
2618| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
2619| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
2620| [6168] OpenSSH Visible Password Vulnerability
2621| [5374] OpenSSH Trojan Horse Vulnerability
2622| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
2623| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
2624| [4241] OpenSSH Channel Code Off-By-One Vulnerability
2625| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
2626| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
2627| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
2628| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
2629| [2917] OpenSSH PAM Session Evasion Vulnerability
2630| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
2631| [2356] OpenSSH Private Key Authentication Check Vulnerability
2632| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
2633| [1334] OpenSSH UseLogin Vulnerability
2634|
2635| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2636| [83258] GSI-OpenSSH auth-pam.c security bypass
2637| [82781] OpenSSH time limit denial of service
2638| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
2639| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
2640| [72756] Debian openssh-server commands information disclosure
2641| [68339] OpenSSH pam_thread buffer overflow
2642| [67264] OpenSSH ssh-keysign unauthorized access
2643| [65910] OpenSSH remote_glob function denial of service
2644| [65163] OpenSSH certificate information disclosure
2645| [64387] OpenSSH J-PAKE security bypass
2646| [63337] Cisco Unified Videoconferencing OpenSSH weak security
2647| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
2648| [45202] OpenSSH signal handler denial of service
2649| [44747] RHEL OpenSSH backdoor
2650| [44280] OpenSSH PermitRootLogin information disclosure
2651| [44279] OpenSSH sshd weak security
2652| [44037] OpenSSH sshd SELinux role unauthorized access
2653| [43940] OpenSSH X11 forwarding information disclosure
2654| [41549] OpenSSH ForceCommand directive security bypass
2655| [41438] OpenSSH sshd session hijacking
2656| [40897] OpenSSH known_hosts weak security
2657| [40587] OpenSSH username weak security
2658| [37371] OpenSSH username data manipulation
2659| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
2660| [37112] RHSA update for OpenSSH signal handler race condition not installed
2661| [37107] RHSA update for OpenSSH identical block denial of service not installed
2662| [36637] OpenSSH X11 cookie privilege escalation
2663| [35167] OpenSSH packet.c newkeys[mode] denial of service
2664| [34490] OpenSSH OPIE information disclosure
2665| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
2666| [32975] Apple Mac OS X OpenSSH denial of service
2667| [32387] RHSA-2006:0738 updates for openssh not installed
2668| [32359] RHSA-2006:0697 updates for openssh not installed
2669| [32230] RHSA-2006:0298 updates for openssh not installed
2670| [32132] RHSA-2006:0044 updates for openssh not installed
2671| [30120] OpenSSH privilege separation monitor authentication verification weakness
2672| [29255] OpenSSH GSSAPI user enumeration
2673| [29254] OpenSSH signal handler race condition
2674| [29158] OpenSSH identical block denial of service
2675| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
2676| [25116] OpenSSH OpenPAM denial of service
2677| [24305] OpenSSH SCP shell expansion command execution
2678| [22665] RHSA-2005:106 updates for openssh not installed
2679| [22117] OpenSSH GSSAPI allows elevated privileges
2680| [22115] OpenSSH GatewayPorts security bypass
2681| [20930] OpenSSH sshd.c LoginGraceTime denial of service
2682| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
2683| [17213] OpenSSH allows port bouncing attacks
2684| [16323] OpenSSH scp file overwrite
2685| [13797] OpenSSH PAM information leak
2686| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
2687| [13264] OpenSSH PAM code could allow an attacker to gain access
2688| [13215] OpenSSH buffer management errors could allow an attacker to execute code
2689| [13214] OpenSSH memory vulnerabilities
2690| [13191] OpenSSH large packet buffer overflow
2691| [12196] OpenSSH could allow an attacker to bypass login restrictions
2692| [11970] OpenSSH could allow an attacker to obtain valid administrative account
2693| [11902] OpenSSH PAM support enabled information leak
2694| [9803] OpenSSH "
2695| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
2696| [9307] OpenSSH is running on the system
2697| [9169] OpenSSH "
2698| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
2699| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
2700| [8383] OpenSSH off-by-one error in channel code
2701| [7647] OpenSSH UseLogin option arbitrary code execution
2702| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
2703| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
2704| [7179] OpenSSH source IP access control bypass
2705| [6757] OpenSSH "
2706| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
2707| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
2708| [5517] OpenSSH allows unauthorized access to resources
2709| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
2710|
2711| Exploit-DB - https://www.exploit-db.com:
2712| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
2713| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
2714| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
2715| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
2716| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
2717| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
2718| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
2719| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
2720| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
2721| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
2722| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
2723| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
2724| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
2725| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
2726|
2727| OpenVAS (Nessus) - http://www.openvas.org:
2728| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
2729| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
2730| [881183] CentOS Update for openssh CESA-2012:0884 centos6
2731| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
2732| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
2733| [870763] RedHat Update for openssh RHSA-2012:0884-04
2734| [870129] RedHat Update for openssh RHSA-2008:0855-01
2735| [861813] Fedora Update for openssh FEDORA-2010-5429
2736| [861319] Fedora Update for openssh FEDORA-2007-395
2737| [861170] Fedora Update for openssh FEDORA-2007-394
2738| [861012] Fedora Update for openssh FEDORA-2007-715
2739| [840345] Ubuntu Update for openssh vulnerability USN-597-1
2740| [840300] Ubuntu Update for openssh update USN-612-5
2741| [840271] Ubuntu Update for openssh vulnerability USN-612-2
2742| [840268] Ubuntu Update for openssh update USN-612-7
2743| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
2744| [840214] Ubuntu Update for openssh vulnerability USN-566-1
2745| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
2746| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
2747| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
2748| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
2749| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
2750| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
2751| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
2752| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
2753| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
2754| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
2755| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
2756| [100584] OpenSSH X Connections Session Hijacking Vulnerability
2757| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
2758| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
2759| [65987] SLES10: Security update for OpenSSH
2760| [65819] SLES10: Security update for OpenSSH
2761| [65514] SLES9: Security update for OpenSSH
2762| [65513] SLES9: Security update for OpenSSH
2763| [65334] SLES9: Security update for OpenSSH
2764| [65248] SLES9: Security update for OpenSSH
2765| [65218] SLES9: Security update for OpenSSH
2766| [65169] SLES9: Security update for openssh,openssh-askpass
2767| [65126] SLES9: Security update for OpenSSH
2768| [65019] SLES9: Security update for OpenSSH
2769| [65015] SLES9: Security update for OpenSSH
2770| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
2771| [61639] Debian Security Advisory DSA 1638-1 (openssh)
2772| [61030] Debian Security Advisory DSA 1576-2 (openssh)
2773| [61029] Debian Security Advisory DSA 1576-1 (openssh)
2774| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
2775| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
2776| [60667] Slackware Advisory SSA:2008-095-01 openssh
2777| [59014] Slackware Advisory SSA:2007-255-01 openssh
2778| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
2779| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
2780| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
2781| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
2782| [57492] Slackware Advisory SSA:2006-272-02 openssh
2783| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
2784| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
2785| [57470] FreeBSD Ports: openssh
2786| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
2787| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
2788| [56294] Slackware Advisory SSA:2006-045-06 openssh
2789| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
2790| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
2791| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
2792| [53788] Debian Security Advisory DSA 025-1 (openssh)
2793| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
2794| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
2795| [11343] OpenSSH Client Unauthorized Remote Forwarding
2796| [10954] OpenSSH AFS/Kerberos ticket/token passing
2797| [10883] OpenSSH Channel Code Off by 1
2798| [10823] OpenSSH UseLogin Environment Variables
2799|
2800| SecurityTracker - https://www.securitytracker.com:
2801| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
2802| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
2803| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
2804| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
2805| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
2806| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
2807| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
2808| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
2809| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
2810| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
2811| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
2812| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
2813| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
2814| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
2815| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
2816| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
2817| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
2818| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
2819| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
2820| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
2821| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
2822| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
2823| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
2824| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
2825| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
2826| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
2827| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
2828| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
2829| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
2830| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
2831| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
2832| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
2833| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
2834| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
2835| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
2836| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
2837| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
2838| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
2839|
2840| OSVDB - http://www.osvdb.org:
2841| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
2842| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
2843| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
2844| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
| [56921] OpenSSH Unspecified Remote Compromise
| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
| [43745] OpenSSH X11 Forwarding Local Session Hijacking
| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
| [37315] pam_usb OpenSSH Authentication Unspecified Issue
| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
| [34601] OPIE w/ OpenSSH Account Enumeration
| [34600] OpenSSH S/KEY Authentication Account Enumeration
| [32721] OpenSSH Username Password Complexity Account Enumeration
| [30232] OpenSSH Privilege Separation Monitor Weakness
| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
| [29152] OpenSSH Identical Block Packet DoS
| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
| [22692] OpenSSH scp Command Line Filename Processing Command Injection
| [20216] OpenSSH with KerberosV Remote Authentication Bypass
| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
| [6601] OpenSSH *realloc() Unspecified Memory Errors
| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
| [6072] OpenSSH PAM Conversation Function Stack Modification
| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
| [5408] OpenSSH echo simulation Information Disclosure
| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
| [4536] OpenSSH Portable AIX linker Privilege Escalation
| [3938] OpenSSL and OpenSSH /dev/random Check Failure
| [3456] OpenSSH buffer_append_space() Heap Corruption
| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
| [2140] OpenSSH w/ PAM Username Validity Timing Attack
| [2112] OpenSSH Reverse DNS Lookup Bypass
| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
| [1853] OpenSSH Symbolic Link 'cookies' File Removal
| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
| [688] OpenSSH UseLogin Environment Variable Local Command Execution
| [642] OpenSSH Multiple Key Type ACL Bypass
| [504] OpenSSH SSHv2 Public Key Authentication Bypass
| [341] OpenSSH UseLogin Local Privilege Escalation
|_
25/tcp closed smtp
53/tcp closed domain
80/tcp open http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
| [136370] Apache Fineract up to 1.2.x sql injection
| [136369] Apache Fineract up to 1.2.x sql injection
| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
| [134416] Apache Sanselan 0.97-incubator Loop denial of service
| [134415] Apache Sanselan 0.97-incubator Hang denial of service
| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
| [131859] Apache Hadoop up to 2.9.1 privilege escalation
| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
| [130629] Apache Guacamole Cookie Flag weak encryption
| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
3181| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
3182| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
3183| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
3184| [121354] Apache CouchDB HTTP API Code Execution
3185| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
3186| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
3187| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
3188| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
3189| [120168] Apache CXF weak authentication
3190| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
3191| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
3192| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
3193| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
3194| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
3195| [119306] Apache MXNet Network Interface privilege escalation
3196| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
3197| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
3198| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
3199| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
3200| [118143] Apache NiFi activemq-client Library Deserialization denial of service
3201| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
3202| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
3203| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
3204| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
3205| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
3206| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
3207| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
3208| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
3209| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
3210| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
3211| [117115] Apache Tika up to 1.17 tika-server command injection
3212| [116929] Apache Fineract getReportType Parameter privilege escalation
3213| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
3214| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
3215| [116926] Apache Fineract REST Parameter privilege escalation
3216| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
3217| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
3218| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
3219| [115883] Apache Hive up to 2.3.2 privilege escalation
3220| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
3221| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
3222| [115518] Apache Ignite 2.3 Deserialization privilege escalation
3223| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
3224| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
3225| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
3226| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
3227| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
3228| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
3229| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
3230| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
3231| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
3232| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
3233| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
3234| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
3235| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
3236| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
3237| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
3238| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
3239| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
3240| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
3241| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
3242| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
3243| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
3244| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
3245| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
3246| [113895] Apache Geode up to 1.3.x Code Execution
3247| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
3248| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
3249| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
3250| [113747] Apache Tomcat Servlets privilege escalation
3251| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
3252| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
3253| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
3254| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
3255| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
3256| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3257| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
3258| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3259| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
3260| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
3261| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
3262| [112885] Apache Allura up to 1.8.0 File information disclosure
3263| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
3264| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
3265| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
3266| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
3267| [112625] Apache POI up to 3.16 Loop denial of service
3268| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
3269| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
3270| [112339] Apache NiFi 1.5.0 Header privilege escalation
3271| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
3272| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
3273| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
3274| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
3275| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
3276| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
3277| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
3278| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
3279| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
3280| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
3281| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
3282| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
3283| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
3284| [112114] Oracle 9.1 Apache Log4j privilege escalation
3285| [112113] Oracle 9.1 Apache Log4j privilege escalation
3286| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
3287| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
3288| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
3289| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
3290| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
3291| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
3292| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
3293| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
3294| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
3295| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
3296| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
3297| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
3298| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
3299| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
3300| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
3301| [110701] Apache Fineract Query Parameter sql injection
3302| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
3303| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
3304| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
3305| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
3306| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
3307| [110106] Apache CXF Fediz Spring cross site request forgery
3308| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
3309| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
3310| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
3311| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
3312| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
3313| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
3314| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
3315| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
3316| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
3317| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
3318| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
3319| [108938] Apple macOS up to 10.13.1 apache denial of service
3320| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
3321| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
3322| [108935] Apple macOS up to 10.13.1 apache denial of service
3323| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
3324| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
3325| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
3326| [108931] Apple macOS up to 10.13.1 apache denial of service
3327| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
3328| [108929] Apple macOS up to 10.13.1 apache denial of service
3329| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
3330| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
3331| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
3332| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
3333| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
3334| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
3335| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
3336| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
3337| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
3338| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
3339| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
3340| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
3341| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
3342| [108782] Apache Xerces2 XML Service denial of service
3343| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
3344| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
3345| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
3346| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
3347| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
3348| [108629] Apache OFBiz up to 10.04.01 privilege escalation
3349| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
3350| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
3351| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
3352| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
3353| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
3354| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
3355| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
3356| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
3357| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
3358| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
3359| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
3360| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
3361| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
3362| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
3363| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
3364| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
3365| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
3366| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3367| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
3368| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
3369| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
3370| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
3371| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
3372| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
3373| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
3374| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
3375| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
3376| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
3377| [107639] Apache NiFi 1.4.0 XML External Entity
3378| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
3379| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
3380| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
3381| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
3382| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
3383| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
3384| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
3385| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
3386| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
3387| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
3388| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
3389| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3390| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3391| [107197] Apache Xerces Jelly Parser XML File XML External Entity
3392| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
3393| [107084] Apache Struts up to 2.3.19 cross site scripting
3394| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
3395| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
3396| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
3397| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
3398| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
3399| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
3400| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
3401| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
3402| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
3403| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
3404| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
3405| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
3406| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3407| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3408| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
3409| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
3410| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
3411| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
3412| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
3413| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
3414| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
3415| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
3416| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
3417| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
3418| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
3419| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
3420| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
3421| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
3422| [105878] Apache Struts up to 2.3.24.0 privilege escalation
3423| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
3424| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
3425| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
3426| [105643] Apache Pony Mail up to 0.8b weak authentication
3427| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
3428| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
3429| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
3430| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
3431| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
3432| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
3433| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
3434| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
3435| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
3436| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
3437| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
3438| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
3439| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
3440| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
3441| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
3442| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
3443| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
3444| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
3445| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
3446| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
3447| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
3448| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
3449| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
3450| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
3451| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
3452| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
3453| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
3454| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
3455| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
3456| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
3457| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
3458| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
3459| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
3460| [103690] Apache OpenMeetings 1.0.0 sql injection
3461| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
3462| [103688] Apache OpenMeetings 1.0.0 weak encryption
3463| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
3464| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
3465| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
3466| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
3467| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
3468| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
3469| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
3470| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
3471| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
3472| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
3473| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
3474| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
3475| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
3476| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
3477| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
3478| [103352] Apache Solr Node weak authentication
3479| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
3480| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
3481| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
3482| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
3483| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
3484| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
3485| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
3486| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
3487| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
3488| [102536] Apache Ranger up to 0.6 Stored cross site scripting
3489| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
3490| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
3491| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
3492| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
3493| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
3494| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
3495| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
3496| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
3497| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
3498| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
3499| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
3500| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
3501| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
3502| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
3503| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
3504| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
3505| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
3506| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
3507| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
3508| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
3509| [99937] Apache Batik up to 1.8 privilege escalation
3510| [99936] Apache FOP up to 2.1 privilege escalation
3511| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
3512| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
3513| [99930] Apache Traffic Server up to 6.2.0 denial of service
3514| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
3515| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
3516| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
3517| [117569] Apache Hadoop up to 2.7.3 privilege escalation
3518| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
3519| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
3520| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
3521| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
3522| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
3523| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
3524| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
3525| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
3526| [99014] Apache Camel Jackson/JacksonXML privilege escalation
3527| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
3528| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
3529| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
3530| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
3531| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
3532| [98605] Apple macOS up to 10.12.3 Apache denial of service
3533| [98604] Apple macOS up to 10.12.3 Apache denial of service
3534| [98603] Apple macOS up to 10.12.3 Apache denial of service
3535| [98602] Apple macOS up to 10.12.3 Apache denial of service
3536| [98601] Apple macOS up to 10.12.3 Apache denial of service
3537| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
3538| [98405] Apache Hadoop up to 0.23.10 privilege escalation
3539| [98199] Apache Camel Validation XML External Entity
3540| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
3541| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
3542| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
3543| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
3544| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
3545| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
3546| [97081] Apache Tomcat HTTPS Request denial of service
3547| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
3548| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
3549| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
3550| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
3551| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
3552| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
3553| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
3554| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
3555| [95311] Apache Storm UI Daemon privilege escalation
3556| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
3557| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
3558| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
3559| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
3560| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
3561| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
3562| [94540] Apache Tika 1.9 tika-server File information disclosure
3563| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
3564| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
3565| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
3566| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
3567| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
3568| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
3569| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
3570| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
3571| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
3572| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
3573| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
3574| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
3575| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
3576| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
3577| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
3578| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
3579| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
3580| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
3581| [93532] Apache Commons Collections Library Java privilege escalation
3582| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
3583| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
3584| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
3585| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
4023| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
4024| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
4025| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
4026| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
4027| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
4028| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
4029| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
4030| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
4031| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
4032| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
4033| [61229] Apache Sling up to 2.1.1 denial of service
4034| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
4288| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
4289| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
4290| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
4291| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
4292| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
4293| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
4294| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
4295| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
4296| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
4297| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
4298| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
4299| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4300| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
4301| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
4302| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
4303| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
4304| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
4305| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
4306| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
4307| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
4308| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
4309| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
4310| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
4311| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
4312| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
4313| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
4314| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
4315| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
4316| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
4317| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
4318| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
4319| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
4320| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
4321| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
4322| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
4323| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
4324| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
4325| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
4326| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
4327| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
4328| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
4329| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
4330| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
4331| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
4332| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
4333| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
4334| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
4335| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
4336| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
4337| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
4338| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
4339| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
4340| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
4341| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
4342| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
4343| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
4344| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
4345| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
4346| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
4347| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
4348| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
4349| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
4350| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
4351| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
4352| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
4353| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
4354| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
4355| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
4356| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
4357| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
4358| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
4359| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4360| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4361| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
4362| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
4363| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
4364| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
4365| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
4366| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
4367| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
4368| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
4369| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
4370| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
4371| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
4372| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
4373| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
4374| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
4375| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
4376| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
4377| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
4378| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
4379| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
4380| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
4381| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
4382| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
4383| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
4384| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
4385| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
4386| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
4387| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
4388| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
4389| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
4390| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
4391| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
4392| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
4393| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
4394| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
4395| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
4396| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
4397| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
4398| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4399| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
4400| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
4401| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
4402| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
4403| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
4404| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
4405| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
4406| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
4407| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
4408| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
4409| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
4410| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
4411| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
4412| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
4413| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
4414| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4415| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
4416| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
4417| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
4418| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
4419| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
4420| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
4421| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
4422| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
4423| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
4424| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
4425| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
4426| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
4427| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
4428| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
4429| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
4430| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
4431| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
4432| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
4433| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
4434| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
4435| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
4436| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
4437| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
4438| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
4439| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
4440| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
4441| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
4442| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
4443| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
4444| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
4445| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
4446| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
4447| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
4448| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
4449| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
4450| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
4451| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
4452| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
4453| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
4454| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
4455| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4456| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
4457| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
4458| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
4459| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
4460| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
4461| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
4462| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
4463| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
4464| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
4465| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
4466| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
4467| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
4468| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
4569| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
4570| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
4571| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
4572| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
4573| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
4574| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
4575| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
4576| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
4577| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
4578| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
4579| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
4580| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
4581| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
4582| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4583| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4584| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
4585| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
4586| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
4587| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4588| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
4589| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
4590| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
4591| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
4592| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
4593| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
4594| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
4595| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
4596| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
4597| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
4598| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
4599| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
4600| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
4601| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4602| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4603| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
4604| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
4605| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
4606| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
4607| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
4608| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
4609| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
4610| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4611| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
4612| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4613| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
4614| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
4615| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
4616| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4617| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
4618| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4619| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
4620| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
4621| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4622| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
4623| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
4624| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
4625| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
4626| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
4627| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
4628| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
4629| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
4630| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4631| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
4632| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
4633| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
4634| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
4635| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
4636| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
4637| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
4638| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
4639| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
4640| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
4641| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
4642| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
4643| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
4644| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
4645| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
4646| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
4647| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
4648| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
4649| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
4650| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
4651| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
4652| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4653| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
4654| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
4655| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
4656| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
4657| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
4658| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
4659| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
4660| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
4661| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
4662| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
4663| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
4664| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
4665| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
4666| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
4667| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
4668| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
4669| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
4670| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
4671| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
4672| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
4673| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
4674| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
4675| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
4676| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
4677| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
4678| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
4679| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
4680| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
4681| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
4682| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
4683| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
4684| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
4685| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
4686| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
4687| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
4688| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
4689| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
4690| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
4691| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
4692| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
4693| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
4694| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
4695| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
4696| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
4697| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
4698| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
4699| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
4700| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
4701| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
4702| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
4703| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
4704| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
4705| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
4706| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
4707| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
4708| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
4709| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
4710| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
4711| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
4712| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
4713| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
4714| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
4715| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
4716| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
4717| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
4718| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
4719| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
4720| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
4721| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
4722| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4723| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4724| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
4725| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
4726| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
4727| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
4728| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
4729| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
4730| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
4731| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
4732| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
4733| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
4734| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
4735| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
4736| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
4737| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
4738| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
4739| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
4740| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
4741| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
4742| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
4743| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
4744| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
4745| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
4746| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
4747| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
4748| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
4749| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
4750| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
4751| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
4752| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
4753| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
4754| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
4755| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
4756| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
4757| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
4758| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
4759| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
4760| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
4761| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
4762| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
4763| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
4764| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
4765| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
4766| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
4767| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
4768| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
4769| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
4770| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
4771| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
4772| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
4773| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
4774| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
4775| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
4776| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
4777| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
4778| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
4779| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
4780| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
4781| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
4782| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
4783| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
4784| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
4785| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
4786| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
4787| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
4788| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
4789| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
4790| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
4791| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
4792| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
4793| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
4794| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
4795| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
4796| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
4797| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
4798| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
4799| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
4800| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
4801| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
4802| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
4803| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
4804| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
4805| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
4806| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
4807| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
4808| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
4809| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
4810| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
4811| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
4812| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
4813| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
4814| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
4815| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
4816| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
4817| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
4818| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
4819| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
4820| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
4821| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
4822| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
4823| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
4824| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
4825| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary diretories via the PROPFIND HTTP request method.
4826| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
4827| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
4828| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
4829| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
4830| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
4831| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
4832| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
4833| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
4834| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
4835| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
4836| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
4837| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
4838| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
4839| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
4840| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
4841| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
4842| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
4843| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
4844|
4845| SecurityFocus - https://www.securityfocus.com/bid/:
4846| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
4847| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
4848| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
4849| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
4850| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
4851| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
4852| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
4853| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
4854| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
4855| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
4856| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
4857| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
4858| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
4859| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
4860| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
4861| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
4862| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
4863| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
4864| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
4865| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
4866| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
4867| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
4868| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
4869| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
4870| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
4871| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
4872| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
4873| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
4874| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
4875| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
4876| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
4877| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
4878| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
4879| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
4880| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
4881| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
4882| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
4883| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
4884| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
4885| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
4886| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
4887| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
4888| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
4889| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
4890| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
4891| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
4892| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
4893| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
4894| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
4895| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
4896| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
4897| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
4898| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
4899| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
4900| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
4901| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
4902| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
4903| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
4904| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
4905| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
4906| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
4907| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
4908| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
4909| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
4910| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4911| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
4912| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
4913| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
4914| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
4915| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
4916| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
4917| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
4918| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
4919| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4920| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4921| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
4922| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
4923| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
4924| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
4925| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
4926| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
4927| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
4928| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
4929| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
4930| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
4931| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
4932| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4933| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
4934| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
4935| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
4936| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4937| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4938| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4939| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4940| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4941| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4942| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4943| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4944| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4945| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4946| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4947| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4948| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4949| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4950| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4951| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4952| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4953| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4954| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4955| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4956| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4957| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4958| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4959| [100447] Apache2Triad Multiple Security Vulnerabilities
4960| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4961| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4962| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
4963| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
4964| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
4965| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
4966| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
4967| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
4968| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
4969| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
4970| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
4971| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
4972| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
4973| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
4974| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
4975| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4976| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4977| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
4978| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
4979| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
4980| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
4981| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4982| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
4983| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
4984| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
4985| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4986| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4987| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4988| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4989| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4990| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
4991| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
4992| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
4993| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
4994| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
4995| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
4996| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
4997| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
4998| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
4999| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5000| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5001| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5002| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5003| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5004| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5005| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5006| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5007| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5008| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5009| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5010| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5011| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5012| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5013| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5014| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5015| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5016| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5017| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5018| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5019| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5020| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5021| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5022| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5023| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
5457| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
5458| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
5459| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
5460| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
5461| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
5462| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5463| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
5464| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
5465| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
5466| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
5467| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
5468| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
5469| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
5470| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
5471| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
5472| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
5473| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
5474| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
5475| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5476| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5477| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
5478| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
5479| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
5480| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
5481| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
5482| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
5483| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
5484| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5485| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
5486| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
5487| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
5488| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
5489| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5490| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5491| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
5492| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
5493| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5494| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
5495| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
5496| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
5497| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
5498| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
5499| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
5500| [49290] Apache Wicket Cross Site Scripting Vulnerability
5501| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
5502| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
5503| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
5504| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
5505| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
5506| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
5507| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
5508| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5509| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
5510| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
5511| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
5512| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
5513| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
5514| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
5515| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
5516| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
5517| [46953] Apache MPM-ITK Module Security Weakness
5518| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
5519| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
5520| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
5521| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
5522| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
5523| [46166] Apache Tomcat JVM Denial of Service Vulnerability
5524| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
5525| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5526| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
5527| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
5528| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
5529| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
5530| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
5531| [44616] Apache Shiro Directory Traversal Vulnerability
5532| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
5533| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
5534| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
5535| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
5536| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
5537| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5538| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
5539| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
5540| [42492] Apache CXF XML DTD Processing Security Vulnerability
5541| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
5542| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5543| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5544| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
5545| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
5546| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5547| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
5548| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
5549| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
5550| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5551| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5552| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
5553| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
5554| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5555| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
5556| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
5557| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
5558| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
5559| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
5560| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
5561| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
5562| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
5563| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
5564| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
5565| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
5566| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
5567| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
5568| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
5569| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
5570| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
5571| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5572| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
5573| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
5574| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
5575| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
5576| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5577| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
5578| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
5579| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
5580| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
5581| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
5582| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5583| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
5584| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
5585| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
5586| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
5587| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
5588| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
5589| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
5590| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5591| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
5592| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
5593| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5594| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
5595| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
5596| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
5597| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
5598| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
5599| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
5600| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
5601| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5602| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
5603| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
5604| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
5605| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
5606| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
5607| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
5608| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
5609| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
5610| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
5611| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5612| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
5613| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5614| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
5615| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
5616| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
5617| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
5618| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
5619| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5620| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
5621| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
5622| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
5623| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
5624| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
5625| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
5626| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
5627| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
5628| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
5629| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
5630| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
5631| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
5632| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
5633| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
5634| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
5635| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
5636| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
5637| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
5638| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
5639| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
5640| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
5641| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
5642| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
5643| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5644| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
5645| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
5646| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
5647| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
5648| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
5649| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
5650| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
5651| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
5652| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
5653| [20527] Apache Mod_TCL Remote Format String Vulnerability
5654| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
5655| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
5656| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
5657| [19106] Apache Tomcat Information Disclosure Vulnerability
5658| [18138] Apache James SMTP Denial Of Service Vulnerability
5659| [17342] Apache Struts Multiple Remote Vulnerabilities
5660| [17095] Apache Log4Net Denial Of Service Vulnerability
5661| [16916] Apache mod_python FileSession Code Execution Vulnerability
5662| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
5663| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
5664| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
5665| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
5666| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
5667| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
5668| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
5669| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
5670| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
5671| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
5672| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
5673| [15177] PHP Apache 2 Local Denial of Service Vulnerability
5674| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
5675| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
5676| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
5677| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
5678| [14106] Apache HTTP Request Smuggling Vulnerability
5679| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
5680| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
5681| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
5682| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
5683| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
5684| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
5685| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
5686| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
5687| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
5688| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
5689| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
5690| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
5691| [11471] Apache mod_include Local Buffer Overflow Vulnerability
5692| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
5693| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
5694| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
5695| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
5696| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5697| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
5698| [11094] Apache mod_ssl Denial Of Service Vulnerability
5699| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
5700| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
5701| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
5702| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
5703| [10478] ClueCentral Apache Suexec Patch Security Weakness
5704| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
5705| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
5706| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
5707| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
5708| [9921] Apache Connection Blocking Denial Of Service Vulnerability
5709| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
5710| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
5711| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
5712| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
5713| [9733] Apache Cygwin Directory Traversal Vulnerability
5714| [9599] Apache mod_php Global Variables Information Disclosure Weakness
5715| [9590] Apache-SSL Client Certificate Forging Vulnerability
5716| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
5717| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
5718| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
5719| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
5720| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
5721| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
5722| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
5723| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
5724| [8898] Red Hat Apache Directory Index Default Configuration Error
5725| [8883] Apache Cocoon Directory Traversal Vulnerability
5726| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
5727| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
5728| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
5729| [8707] Apache htpasswd Password Entropy Weakness
5730| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
5731| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
5732| [8226] Apache HTTP Server Multiple Vulnerabilities
5733| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
5734| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
5735| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
5736| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
5737| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
5738| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
5739| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
5740| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
5741| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
5742| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
5743| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
5744| [7255] Apache Web Server File Descriptor Leakage Vulnerability
5745| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5746| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
5747| [6939] Apache Web Server ETag Header Information Disclosure Weakness
5748| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
5749| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
5750| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
5751| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
5752| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
5753| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
5754| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
5755| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
5756| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
5757| [6117] Apache mod_php File Descriptor Leakage Vulnerability
5758| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
5759| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
5760| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
5761| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
5762| [5992] Apache HTDigest Insecure Temporary File Vulnerability
5763| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
5764| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
5765| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
5766| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
5767| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
5768| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5769| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
5770| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
5771| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
5772| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
5773| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5774| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
5775| [5485] Apache 2.0 Path Disclosure Vulnerability
5776| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5777| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
5778| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
5779| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
5780| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
5781| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
5782| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
5783| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
5784| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
5785| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
5786| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
5787| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
5788| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
5789| [4437] Apache Error Message Cross-Site Scripting Vulnerability
5790| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
5791| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
5792| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
5793| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
5794| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
5795| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
5796| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
5797| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
5798| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
5799| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
5800| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
5801| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
5802| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
5803| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
5804| [3596] Apache Split-Logfile File Append Vulnerability
5805| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
5806| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
5807| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
5808| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
5809| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
5810| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
5811| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
5812| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
5813| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
5814| [3169] Apache Server Address Disclosure Vulnerability
5815| [3009] Apache Possible Directory Index Disclosure Vulnerability
5816| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
5817| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
5818| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
5819| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
5820| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
5821| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
5822| [2216] Apache Web Server DoS Vulnerability
5823| [2182] Apache /tmp File Race Vulnerability
5824| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
5825| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
5826| [1821] Apache mod_cookies Buffer Overflow Vulnerability
5827| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
5828| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
5829| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
5830| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
5831| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
5832| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
5833| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
5834| [1457] Apache::ASP source.asp Example Script Vulnerability
5835| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
5836| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
5837|
5838| IBM X-Force - https://exchange.xforce.ibmcloud.com:
5839| [86258] Apache CloudStack text fields cross-site scripting
5840| [85983] Apache Subversion mod_dav_svn module denial of service
5841| [85875] Apache OFBiz UEL code execution
5842| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
5843| [85871] Apache HTTP Server mod_session_dbd unspecified
5844| [85756] Apache Struts OGNL expression command execution
5845| [85755] Apache Struts DefaultActionMapper class open redirect
5846| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
5847| [85574] Apache HTTP Server mod_dav denial of service
5848| [85573] Apache Struts Showcase App OGNL code execution
5849| [85496] Apache CXF denial of service
5850| [85423] Apache Geronimo RMI classloader code execution
5851| [85326] Apache Santuario XML Security for C++ buffer overflow
5852| [85323] Apache Santuario XML Security for Java spoofing
5853| [85319] Apache Qpid Python client SSL spoofing
5854| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
5855| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
5856| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
5857| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
5858| [84952] Apache Tomcat CVE-2012-3544 denial of service
5859| [84763] Apache Struts CVE-2013-2135 security bypass
5860| [84762] Apache Struts CVE-2013-2134 security bypass
5861| [84719] Apache Subversion CVE-2013-2088 command execution
5862| [84718] Apache Subversion CVE-2013-2112 denial of service
5863| [84717] Apache Subversion CVE-2013-1968 denial of service
5864| [84577] Apache Tomcat security bypass
5865| [84576] Apache Tomcat symlink
5866| [84543] Apache Struts CVE-2013-2115 security bypass
5867| [84542] Apache Struts CVE-2013-1966 security bypass
5868| [84154] Apache Tomcat session hijacking
5869| [84144] Apache Tomcat denial of service
5870| [84143] Apache Tomcat information disclosure
5871| [84111] Apache HTTP Server command execution
5872| [84043] Apache Virtual Computing Lab cross-site scripting
5873| [84042] Apache Virtual Computing Lab cross-site scripting
5874| [83782] Apache CloudStack information disclosure
5875| [83781] Apache CloudStack security bypass
5876| [83720] Apache ActiveMQ cross-site scripting
5877| [83719] Apache ActiveMQ denial of service
5878| [83718] Apache ActiveMQ denial of service
5879| [83263] Apache Subversion denial of service
5880| [83262] Apache Subversion denial of service
5881| [83261] Apache Subversion denial of service
5882| [83259] Apache Subversion denial of service
5883| [83035] Apache mod_ruid2 security bypass
5884| [82852] Apache Qpid federation_tag security bypass
5885| [82851] Apache Qpid qpid::framing::Buffer denial of service
5886| [82758] Apache Rave User RPC API information disclosure
5887| [82663] Apache Subversion svn_fs_file_length() denial of service
5888| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
5889| [82641] Apache Qpid AMQP denial of service
5890| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
5891| [82618] Apache Commons FileUpload symlink
5892| [82360] Apache HTTP Server manager interface cross-site scripting
5893| [82359] Apache HTTP Server hostnames cross-site scripting
5894| [82338] Apache Tomcat log/logdir information disclosure
5895| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
5896| [82268] Apache OpenJPA deserialization command execution
5897| [81981] Apache CXF UsernameTokens security bypass
5898| [81980] Apache CXF WS-Security security bypass
5899| [81398] Apache OFBiz cross-site scripting
5900| [81240] Apache CouchDB directory traversal
5901| [81226] Apache CouchDB JSONP code execution
5902| [81225] Apache CouchDB Futon user interface cross-site scripting
5903| [81211] Apache Axis2/C SSL spoofing
5904| [81167] Apache CloudStack DeployVM information disclosure
5905| [81166] Apache CloudStack AddHost API information disclosure
5906| [81165] Apache CloudStack createSSHKeyPair API information disclosure
5907| [80518] Apache Tomcat cross-site request forgery security bypass
5908| [80517] Apache Tomcat FormAuthenticator security bypass
5909| [80516] Apache Tomcat NIO denial of service
5910| [80408] Apache Tomcat replay-countermeasure security bypass
5911| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
5912| [80317] Apache Tomcat slowloris denial of service
5913| [79984] Apache Commons HttpClient SSL spoofing
5914| [79983] Apache CXF SSL spoofing
5915| [79830] Apache Axis2/Java SSL spoofing
5916| [79829] Apache Axis SSL spoofing
5917| [79809] Apache Tomcat DIGEST security bypass
5918| [79806] Apache Tomcat parseHeaders() denial of service
5919| [79540] Apache OFBiz unspecified
5920| [79487] Apache Axis2 SAML security bypass
5921| [79212] Apache Cloudstack code execution
5922| [78734] Apache CXF SOAP Action security bypass
5923| [78730] Apache Qpid broker denial of service
5924| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
5925| [78563] Apache mod_pagespeed module unspecified cross-site scripting
5926| [78562] Apache mod_pagespeed module security bypass
5927| [78454] Apache Axis2 security bypass
5928| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
5929| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
5930| [78321] Apache Wicket unspecified cross-site scripting
5931| [78183] Apache Struts parameters denial of service
5932| [78182] Apache Struts cross-site request forgery
5933| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
5934| [77987] mod_rpaf module for Apache denial of service
5935| [77958] Apache Struts skill name code execution
5936| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
5937| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
5938| [77568] Apache Qpid broker security bypass
5939| [77421] Apache Libcloud spoofing
5940| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
5941| [77046] Oracle Solaris Apache HTTP Server information disclosure
5942| [76837] Apache Hadoop information disclosure
5943| [76802] Apache Sling CopyFrom denial of service
5944| [76692] Apache Hadoop symlink
5945| [76535] Apache Roller console cross-site request forgery
5946| [76534] Apache Roller weblog cross-site scripting
5947| [76152] Apache CXF elements security bypass
5948| [76151] Apache CXF child policies security bypass
5949| [75983] MapServer for Windows Apache file include
5950| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
5951| [75558] Apache POI denial of service
5952| [75545] PHP apache_request_headers() buffer overflow
5953| [75302] Apache Qpid SASL security bypass
5954| [75211] Debian GNU/Linux apache 2 cross-site scripting
5955| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
5956| [74871] Apache OFBiz FlexibleStringExpander code execution
5957| [74870] Apache OFBiz multiple cross-site scripting
5958| [74750] Apache Hadoop unspecified spoofing
5959| [74319] Apache Struts XSLTResult.java file upload
5960| [74313] Apache Traffic Server header buffer overflow
5961| [74276] Apache Wicket directory traversal
5962| [74273] Apache Wicket unspecified cross-site scripting
5963| [74181] Apache HTTP Server mod_fcgid module denial of service
5964| [73690] Apache Struts OGNL code execution
5965| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
5966| [73100] Apache MyFaces in directory traversal
5967| [73096] Apache APR hash denial of service
5968| [73052] Apache Struts name cross-site scripting
5969| [73030] Apache CXF UsernameToken security bypass
5970| [72888] Apache Struts lastName cross-site scripting
5971| [72758] Apache HTTP Server httpOnly information disclosure
5972| [72757] Apache HTTP Server MPM denial of service
5973| [72585] Apache Struts ParameterInterceptor security bypass
5974| [72438] Apache Tomcat Digest security bypass
5975| [72437] Apache Tomcat Digest security bypass
5976| [72436] Apache Tomcat DIGEST security bypass
5977| [72425] Apache Tomcat parameter denial of service
5978| [72422] Apache Tomcat request object information disclosure
5979| [72377] Apache HTTP Server scoreboard security bypass
5980| [72345] Apache HTTP Server HTTP request denial of service
5981| [72229] Apache Struts ExceptionDelegator command execution
5982| [72089] Apache Struts ParameterInterceptor directory traversal
5983| [72088] Apache Struts CookieInterceptor command execution
5984| [72047] Apache Geronimo hash denial of service
5985| [72016] Apache Tomcat hash denial of service
5986| [71711] Apache Struts OGNL expression code execution
5987| [71654] Apache Struts interfaces security bypass
5988| [71620] Apache ActiveMQ failover denial of service
5989| [71617] Apache HTTP Server mod_proxy module information disclosure
5990| [71508] Apache MyFaces EL security bypass
5991| [71445] Apache HTTP Server mod_proxy security bypass
5992| [71203] Apache Tomcat servlets privilege escalation
5993| [71181] Apache HTTP Server ap_pregsub() denial of service
5994| [71093] Apache HTTP Server ap_pregsub() buffer overflow
5995| [70336] Apache HTTP Server mod_proxy information disclosure
5996| [69804] Apache HTTP Server mod_proxy_ajp denial of service
5997| [69472] Apache Tomcat AJP security bypass
5998| [69396] Apache HTTP Server ByteRange filter denial of service
5999| [69394] Apache Wicket multi window support cross-site scripting
6000| [69176] Apache Tomcat XML information disclosure
6001| [69161] Apache Tomcat jsvc information disclosure
6002| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
6003| [68541] Apache Tomcat sendfile information disclosure
6004| [68420] Apache XML Security denial of service
6005| [68238] Apache Tomcat JMX information disclosure
6006| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
6007| [67804] Apache Subversion control rules information disclosure
6008| [67803] Apache Subversion control rules denial of service
6009| [67802] Apache Subversion baselined denial of service
6010| [67672] Apache Archiva multiple cross-site scripting
6011| [67671] Apache Archiva multiple cross-site request forgery
6012| [67564] Apache APR apr_fnmatch() denial of service
6013| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
6014| [67515] Apache Tomcat annotations security bypass
6015| [67480] Apache Struts s:submit information disclosure
6016| [67414] Apache APR apr_fnmatch() denial of service
6017| [67356] Apache Struts javatemplates cross-site scripting
6018| [67354] Apache Struts Xwork cross-site scripting
6019| [66676] Apache Tomcat HTTP BIO information disclosure
6020| [66675] Apache Tomcat web.xml security bypass
6021| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
6022| [66241] Apache HttpComponents information disclosure
6023| [66154] Apache Tomcat ServletSecurity security bypass
6024| [65971] Apache Tomcat ServletSecurity security bypass
6025| [65876] Apache Subversion mod_dav_svn denial of service
6026| [65343] Apache Continuum unspecified cross-site scripting
6027| [65162] Apache Tomcat NIO connector denial of service
6028| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
6029| [65160] Apache Tomcat HTML Manager interface cross-site scripting
6030| [65159] Apache Tomcat ServletContect security bypass
6031| [65050] Apache CouchDB web-based administration UI cross-site scripting
6032| [64773] Oracle HTTP Server Apache Plugin unauthorized access
6033| [64473] Apache Subversion blame -g denial of service
6034| [64472] Apache Subversion walk() denial of service
6035| [64407] Apache Axis2 CVE-2010-0219 code execution
6036| [63926] Apache Archiva password privilege escalation
6037| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
6038| [63493] Apache Archiva credentials cross-site request forgery
6039| [63477] Apache Tomcat HttpOnly session hijacking
6040| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
6041| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
6042| [62959] Apache Shiro filters security bypass
6043| [62790] Apache Perl cgi module denial of service
6044| [62576] Apache Qpid exchange denial of service
6045| [62575] Apache Qpid AMQP denial of service
6046| [62354] Apache Qpid SSL denial of service
6047| [62235] Apache APR-util apr_brigade_split_line() denial of service
6048| [62181] Apache XML-RPC SAX Parser information disclosure
6049| [61721] Apache Traffic Server cache poisoning
6050| [61202] Apache Derby BUILTIN authentication functionality information disclosure
6051| [61186] Apache CouchDB Futon cross-site request forgery
6052| [61169] Apache CXF DTD denial of service
6053| [61070] Apache Jackrabbit search.jsp SQL injection
6054| [61006] Apache SLMS Quoting cross-site request forgery
6055| [60962] Apache Tomcat time cross-site scripting
6056| [60883] Apache mod_proxy_http information disclosure
6057| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
6058| [60264] Apache Tomcat Transfer-Encoding denial of service
6059| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
6060| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
6061| [59413] Apache mod_proxy_http timeout information disclosure
6062| [59058] Apache MyFaces unencrypted view state cross-site scripting
6063| [58827] Apache Axis2 xsd file include
6064| [58790] Apache Axis2 modules cross-site scripting
6065| [58299] Apache ActiveMQ queueBrowse cross-site scripting
6066| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
6067| [58056] Apache ActiveMQ .jsp source code disclosure
6068| [58055] Apache Tomcat realm name information disclosure
6069| [58046] Apache HTTP Server mod_auth_shadow security bypass
6070| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
6071| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
6072| [57429] Apache CouchDB algorithms information disclosure
6073| [57398] Apache ActiveMQ Web console cross-site request forgery
6074| [57397] Apache ActiveMQ createDestination.action cross-site scripting
6075| [56653] Apache HTTP Server DNS spoofing
6076| [56652] Apache HTTP Server DNS cross-site scripting
6077| [56625] Apache HTTP Server request header information disclosure
6078| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
6079| [56623] Apache HTTP Server mod_proxy_ajp denial of service
6080| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
6081| [55857] Apache Tomcat WAR files directory traversal
6082| [55856] Apache Tomcat autoDeploy attribute security bypass
6083| [55855] Apache Tomcat WAR directory traversal
6084| [55210] Intuit component for Joomla! Apache information disclosure
6085| [54533] Apache Tomcat 404 error page cross-site scripting
6086| [54182] Apache Tomcat admin default password
6087| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
6088| [53666] Apache HTTP Server Solaris pollset support denial of service
6089| [53650] Apache HTTP Server HTTP basic-auth module security bypass
6090| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
6091| [53041] mod_proxy_ftp module for Apache denial of service
6092| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
6093| [51953] Apache Tomcat Path Disclosure
6094| [51952] Apache Tomcat Path Traversal
6095| [51951] Apache stronghold-status Information Disclosure
6096| [51950] Apache stronghold-info Information Disclosure
6097| [51949] Apache PHP Source Code Disclosure
6098| [51948] Apache Multiviews Attack
6099| [51946] Apache JServ Environment Status Information Disclosure
6100| [51945] Apache error_log Information Disclosure
6101| [51944] Apache Default Installation Page Pattern Found
6102| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
6103| [51942] Apache AXIS XML External Entity File Retrieval
6104| [51941] Apache AXIS Sample Servlet Information Leak
6105| [51940] Apache access_log Information Disclosure
6106| [51626] Apache mod_deflate denial of service
6107| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
6108| [51365] Apache Tomcat RequestDispatcher security bypass
6109| [51273] Apache HTTP Server Incomplete Request denial of service
6110| [51195] Apache Tomcat XML information disclosure
6111| [50994] Apache APR-util xml/apr_xml.c denial of service
6112| [50993] Apache APR-util apr_brigade_vprintf denial of service
6113| [50964] Apache APR-util apr_strmatch_precompile() denial of service
6114| [50930] Apache Tomcat j_security_check information disclosure
6115| [50928] Apache Tomcat AJP denial of service
6116| [50884] Apache HTTP Server XML ENTITY denial of service
6117| [50808] Apache HTTP Server AllowOverride privilege escalation
6118| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
6119| [50059] Apache mod_proxy_ajp information disclosure
6120| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
6121| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
6122| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
6123| [49921] Apache ActiveMQ Web interface cross-site scripting
6124| [49898] Apache Geronimo Services/Repository directory traversal
6125| [49725] Apache Tomcat mod_jk module information disclosure
6126| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
6127| [49712] Apache Struts unspecified cross-site scripting
6128| [49213] Apache Tomcat cal2.jsp cross-site scripting
6129| [48934] Apache Tomcat POST doRead method information disclosure
6130| [48211] Apache Tomcat header HTTP request smuggling
6131| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
6132| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
6133| [47709] Apache Roller "
6134| [47104] Novell Netware ApacheAdmin console security bypass
6135| [47086] Apache HTTP Server OS fingerprinting unspecified
6136| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
6137| [45791] Apache Tomcat RemoteFilterValve security bypass
6138| [44435] Oracle WebLogic Apache Connector buffer overflow
6139| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
6140| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
6141| [44156] Apache Tomcat RequestDispatcher directory traversal
6142| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
6143| [43885] Oracle WebLogic Server Apache Connector buffer overflow
6144| [42987] Apache HTTP Server mod_proxy module denial of service
6145| [42915] Apache Tomcat JSP files path disclosure
6146| [42914] Apache Tomcat MS-DOS path disclosure
6147| [42892] Apache Tomcat unspecified unauthorized access
6148| [42816] Apache Tomcat Host Manager cross-site scripting
6149| [42303] Apache 403 error cross-site scripting
6150| [41618] Apache-SSL ExpandCert() authentication bypass
6151| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
6152| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
6153| [40614] Apache mod_jk2 HTTP Host header buffer overflow
6154| [40562] Apache Geronimo init information disclosure
6155| [40478] Novell Web Manager webadmin-apache.conf security bypass
6156| [40411] Apache Tomcat exception handling information disclosure
6157| [40409] Apache Tomcat native (APR based) connector weak security
6158| [40403] Apache Tomcat quotes and %5C cookie information disclosure
6159| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
6160| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
6161| [39867] Apache HTTP Server mod_negotiation cross-site scripting
6162| [39804] Apache Tomcat SingleSignOn information disclosure
6163| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
6164| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
6165| [39608] Apache HTTP Server balancer manager cross-site request forgery
6166| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
6167| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
6168| [39472] Apache HTTP Server mod_status cross-site scripting
6169| [39201] Apache Tomcat JULI logging weak security
6170| [39158] Apache HTTP Server Windows SMB shares information disclosure
6171| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
6172| [38951] Apache::AuthCAS Perl module cookie SQL injection
6173| [38800] Apache HTTP Server 413 error page cross-site scripting
6174| [38211] Apache Geronimo SQLLoginModule authentication bypass
6175| [37243] Apache Tomcat WebDAV directory traversal
6176| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
6177| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
6178| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
6179| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
6180| [36782] Apache Geronimo MEJB unauthorized access
6181| [36586] Apache HTTP Server UTF-7 cross-site scripting
6182| [36468] Apache Geronimo LoginModule security bypass
6183| [36467] Apache Tomcat functions.jsp cross-site scripting
6184| [36402] Apache Tomcat calendar cross-site request forgery
6185| [36354] Apache HTTP Server mod_proxy module denial of service
6186| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
6187| [36336] Apache Derby lock table privilege escalation
6188| [36335] Apache Derby schema privilege escalation
6189| [36006] Apache Tomcat "
6190| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
6191| [35999] Apache Tomcat \"
6192| [35795] Apache Tomcat CookieExample cross-site scripting
6193| [35536] Apache Tomcat SendMailServlet example cross-site scripting
6194| [35384] Apache HTTP Server mod_cache module denial of service
6195| [35097] Apache HTTP Server mod_status module cross-site scripting
6196| [35095] Apache HTTP Server Prefork MPM module denial of service
6197| [34984] Apache HTTP Server recall_headers information disclosure
6198| [34966] Apache HTTP Server MPM content spoofing
6199| [34965] Apache HTTP Server MPM information disclosure
6200| [34963] Apache HTTP Server MPM multiple denial of service
6201| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
6202| [34869] Apache Tomcat JSP example Web application cross-site scripting
6203| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
6204| [34496] Apache Tomcat JK Connector security bypass
6205| [34377] Apache Tomcat hello.jsp cross-site scripting
6206| [34212] Apache Tomcat SSL configuration security bypass
6207| [34210] Apache Tomcat Accept-Language cross-site scripting
6208| [34209] Apache Tomcat calendar application cross-site scripting
6209| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
6210| [34167] Apache Axis WSDL file path disclosure
6211| [34068] Apache Tomcat AJP connector information disclosure
6212| [33584] Apache HTTP Server suEXEC privilege escalation
6213| [32988] Apache Tomcat proxy module directory traversal
6214| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
6215| [32708] Debian Apache tty privilege escalation
6216| [32441] ApacheStats extract() PHP call unspecified
6217| [32128] Apache Tomcat default account
6218| [31680] Apache Tomcat RequestParamExample cross-site scripting
6219| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
6220| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
6221| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
6222| [30456] Apache mod_auth_kerb off-by-one buffer overflow
6223| [29550] Apache mod_tcl set_var() format string
6224| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
6225| [28357] Apache HTTP Server mod_alias script source information disclosure
6226| [28063] Apache mod_rewrite off-by-one buffer overflow
6227| [27902] Apache Tomcat URL information disclosure
6228| [26786] Apache James SMTP server denial of service
6229| [25680] libapache2 /tmp/svn file upload
6230| [25614] Apache Struts lookupMap cross-site scripting
6231| [25613] Apache Struts ActionForm denial of service
6232| [25612] Apache Struts isCancelled() security bypass
6233| [24965] Apache mod_python FileSession command execution
6234| [24716] Apache James spooler memory leak denial of service
6235| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
6236| [24158] Apache Geronimo jsp-examples cross-site scripting
6237| [24030] Apache auth_ldap module multiple format strings
6238| [24008] Apache mod_ssl custom error message denial of service
6239| [24003] Apache mod_auth_pgsql module multiple syslog format strings
6240| [23612] Apache mod_imap referer field cross-site scripting
6241| [23173] Apache Struts error message cross-site scripting
6242| [22942] Apache Tomcat directory listing denial of service
6243| [22858] Apache Multi-Processing Module code allows denial of service
6244| [22602] RHSA-2005:582 updates for Apache httpd not installed
6245| [22520] Apache mod-auth-shadow "
6246| [22466] ApacheTop symlink
6247| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
6248| [22006] Apache HTTP Server byte-range filter denial of service
6249| [21567] Apache mod_ssl off-by-one buffer overflow
6250| [21195] Apache HTTP Server header HTTP request smuggling
6251| [20383] Apache HTTP Server htdigest buffer overflow
6252| [19681] Apache Tomcat AJP12 request denial of service
6253| [18993] Apache HTTP server check_forensic symlink attack
6254| [18790] Apache Tomcat Manager cross-site scripting
6255| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
6256| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
6257| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
6258| [17961] Apache Web server ServerTokens has not been set
6259| [17930] Apache HTTP Server HTTP GET request denial of service
6260| [17785] Apache mod_include module buffer overflow
6261| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
6262| [17473] Apache HTTP Server Satisfy directive allows access to resources
6263| [17413] Apache htpasswd buffer overflow
6264| [17384] Apache HTTP Server environment variable configuration file buffer overflow
6265| [17382] Apache HTTP Server IPv6 apr_util denial of service
6266| [17366] Apache HTTP Server mod_dav module LOCK denial of service
6267| [17273] Apache HTTP Server speculative mode denial of service
6268| [17200] Apache HTTP Server mod_ssl denial of service
6269| [16890] Apache HTTP Server server-info request has been detected
6270| [16889] Apache HTTP Server server-status request has been detected
6271| [16705] Apache mod_ssl format string attack
6272| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
6273| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
6274| [16230] Apache HTTP Server PHP denial of service
6275| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
6276| [15958] Apache HTTP Server authentication modules memory corruption
6277| [15547] Apache HTTP Server mod_disk_cache local information disclosure
6278| [15540] Apache HTTP Server socket starvation denial of service
6279| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
6280| [15422] Apache HTTP Server mod_access information disclosure
6281| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
6282| [15293] Apache for Cygwin "
6283| [15065] Apache-SSL has a default password
6284| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
6285| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
6286| [14751] Apache Mod_python output filter information disclosure
6287| [14125] Apache HTTP Server mod_userdir module information disclosure
6288| [14075] Apache HTTP Server mod_php file descriptor leak
6289| [13703] Apache HTTP Server account
6290| [13689] Apache HTTP Server configuration allows symlinks
6291| [13688] Apache HTTP Server configuration allows SSI
6292| [13687] Apache HTTP Server Server: header value
6293| [13685] Apache HTTP Server ServerTokens value
6294| [13684] Apache HTTP Server ServerSignature value
6295| [13672] Apache HTTP Server config allows directory autoindexing
6296| [13671] Apache HTTP Server default content
6297| [13670] Apache HTTP Server config file directive references outside content root
6298| [13668] Apache HTTP Server httpd not running in chroot environment
6299| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
6300| [13664] Apache HTTP Server config file contains ScriptAlias entry
6301| [13663] Apache HTTP Server CGI support modules loaded
6302| [13661] Apache HTTP Server config file contains AddHandler entry
6303| [13660] Apache HTTP Server 500 error page not CGI script
6304| [13659] Apache HTTP Server 413 error page not CGI script
6305| [13658] Apache HTTP Server 403 error page not CGI script
6306| [13657] Apache HTTP Server 401 error page not CGI script
6307| [13552] Apache HTTP Server mod_cgid module information disclosure
6308| [13550] Apache GET request directory traversal
6309| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
6310| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
6311| [13429] Apache Tomcat non-HTTP request denial of service
6312| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
6313| [13295] Apache weak password encryption
6314| [13254] Apache Tomcat .jsp cross-site scripting
6315| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
6316| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
6317| [12681] Apache HTTP Server mod_proxy could allow mail relaying
6318| [12662] Apache HTTP Server rotatelogs denial of service
6319| [12554] Apache Tomcat stores password in plain text
6320| [12553] Apache HTTP Server redirects and subrequests denial of service
6321| [12552] Apache HTTP Server FTP proxy server denial of service
6322| [12551] Apache HTTP Server prefork MPM denial of service
6323| [12550] Apache HTTP Server weaker than expected encryption
6324| [12549] Apache HTTP Server type-map file denial of service
6325| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
6326| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
6327| [12091] Apache HTTP Server apr_password_validate denial of service
6328| [12090] Apache HTTP Server apr_psprintf code execution
6329| [11804] Apache HTTP Server mod_access_referer denial of service
6330| [11750] Apache HTTP Server could leak sensitive file descriptors
6331| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
6332| [11703] Apache long slash path allows directory listing
6333| [11695] Apache HTTP Server LF (Line Feed) denial of service
6334| [11694] Apache HTTP Server filestat.c denial of service
6335| [11438] Apache HTTP Server MIME message boundaries information disclosure
6336| [11412] Apache HTTP Server error log terminal escape sequence injection
6337| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
6338| [11195] Apache Tomcat web.xml could be used to read files
6339| [11194] Apache Tomcat URL appended with a null character could list directories
6340| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
6341| [11126] Apache HTTP Server illegal character file disclosure
6342| [11125] Apache HTTP Server DOS device name HTTP POST code execution
6343| [11124] Apache HTTP Server DOS device name denial of service
6344| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
6345| [10938] Apache HTTP Server printenv test CGI cross-site scripting
6346| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
6347| [10575] Apache mod_php module could allow an attacker to take over the httpd process
6348| [10499] Apache HTTP Server WebDAV HTTP POST view source
6349| [10457] Apache HTTP Server mod_ssl "
6350| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
6351| [10414] Apache HTTP Server htdigest multiple buffer overflows
6352| [10413] Apache HTTP Server htdigest temporary file race condition
6353| [10412] Apache HTTP Server htpasswd temporary file race condition
6354| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
6355| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
6356| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
6357| [10280] Apache HTTP Server shared memory scorecard overwrite
6358| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
6359| [10241] Apache HTTP Server Host: header cross-site scripting
6360| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
6361| [10208] Apache HTTP Server mod_dav denial of service
6362| [10206] HP VVOS Apache mod_ssl denial of service
6363| [10200] Apache HTTP Server stderr denial of service
6364| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
6365| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
6366| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
6367| [10098] Slapper worm targets OpenSSL/Apache systems
6368| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
6369| [9875] Apache HTTP Server .var file request could disclose installation path
6370| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
6371| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
6372| [9623] Apache HTTP Server ap_log_rerror() path disclosure
6373| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
6374| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
6375| [9396] Apache Tomcat null character to threads denial of service
6376| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
6377| [9249] Apache HTTP Server chunked encoding heap buffer overflow
6378| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
6379| [8932] Apache Tomcat example class information disclosure
6380| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
6381| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
6382| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
6383| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
6384| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
6385| [8400] Apache HTTP Server mod_frontpage buffer overflows
6386| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
6387| [8308] Apache "
6388| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
6389| [8119] Apache and PHP OPTIONS request reveals "
6390| [8054] Apache is running on the system
6391| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
6392| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
6393| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
6394| [7836] Apache HTTP Server log directory denial of service
6395| [7815] Apache for Windows "
6396| [7810] Apache HTTP request could result in unexpected behavior
6397| [7599] Apache Tomcat reveals installation path
6398| [7494] Apache "
6399| [7419] Apache Web Server could allow remote attackers to overwrite .log files
6400| [7363] Apache Web Server hidden HTTP requests
6401| [7249] Apache mod_proxy denial of service
6402| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
6403| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
6404| [7059] Apache "
6405| [7057] Apache "
6406| [7056] Apache "
6407| [7055] Apache "
6408| [7054] Apache "
6409| [6997] Apache Jakarta Tomcat error message may reveal information
6410| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
6411| [6970] Apache crafted HTTP request could reveal the internal IP address
6412| [6921] Apache long slash path allows directory listing
6413| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
6414| [6527] Apache Web Server for Windows and OS2 denial of service
6415| [6316] Apache Jakarta Tomcat may reveal JSP source code
6416| [6305] Apache Jakarta Tomcat directory traversal
6417| [5926] Linux Apache symbolic link
6418| [5659] Apache Web server discloses files when used with php script
6419| [5310] Apache mod_rewrite allows attacker to view arbitrary files
6420| [5204] Apache WebDAV directory listings
6421| [5197] Apache Web server reveals CGI script source code
6422| [5160] Apache Jakarta Tomcat default installation
6423| [5099] Trustix Secure Linux installs Apache with world writable access
6424| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
6425| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
6426| [4931] Apache source.asp example file allows users to write to files
6427| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
6428| [4205] Apache Jakarta Tomcat delivers file contents
6429| [2084] Apache on Debian by default serves the /usr/doc directory
6430| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
6431| [697] Apache HTTP server beck exploit
6432| [331] Apache cookies buffer overflow
6433|
6434| Exploit-DB - https://www.exploit-db.com:
6435| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
6436| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6437| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6438| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
6439| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
6440| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
6441| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
6442| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
6443| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
6444| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6445| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
6446| [29859] Apache Roller OGNL Injection
6447| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
6448| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
6449| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
6450| [29290] Apache / PHP 5.x Remote Code Execution Exploit
6451| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
6452| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
6453| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
6454| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
6455| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
6456| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
6457| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
6458| [27096] Apache Geronimo 1.0 Error Page XSS
6459| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
6460| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
6461| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
6462| [25986] Plesk Apache Zeroday Remote Exploit
6463| [25980] Apache Struts includeParams Remote Code Execution
6464| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
6465| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
6466| [24874] Apache Struts ParametersInterceptor Remote Code Execution
6467| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
6468| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
6469| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
6470| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
6471| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
6472| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
6473| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
6474| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
6475| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
6476| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
6477| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
6478| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
6479| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
6480| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
6481| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
6482| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
6483| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6484| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
6485| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
6486| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6487| [21719] Apache 2.0 Path Disclosure Vulnerability
6488| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6489| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
6490| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
6491| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
6492| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
6493| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
6494| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
6495| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
6496| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
6497| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
6498| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
6499| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
6500| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
6501| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
6502| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
6503| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
6504| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
6505| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
6506| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
6507| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
6508| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
6509| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
6510| [20558] Apache 1.2 Web Server DoS Vulnerability
6511| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
6512| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
6513| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
6514| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
6515| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
6516| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
6517| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
6518| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
6519| [19231] PHP apache_request_headers Function Buffer Overflow
6520| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
6521| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
6522| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
6523| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
6524| [18442] Apache httpOnly Cookie Disclosure
6525| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
6526| [18221] Apache HTTP Server Denial of Service
6527| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
6528| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
6529| [17691] Apache Struts < 2.2.0 - Remote Command Execution
6530| [16798] Apache mod_jk 1.2.20 Buffer Overflow
6531| [16782] Apache Win32 Chunked Encoding
6532| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
6533| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
6534| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
6535| [15319] Apache 2.2 (Windows) Local Denial of Service
6536| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
6537| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6538| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
6539| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
6540| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
6541| [12330] Apache OFBiz - Multiple XSS
6542| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
6543| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
6544| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
6545| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
6546| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
6547| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
6548| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
6549| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6550| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6551| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
6552| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
6553| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
6554| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6555| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
6556| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
6557| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
6558| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
6559| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
6560| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
6561| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
6562| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
6563| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
6564| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
6565| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
6566| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
6567| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
6568| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
6569| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
6570| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
6571| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
6572| [466] htpasswd Apache 1.3.31 - Local Exploit
6573| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
6574| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
6575| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
6576| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
6577| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
6578| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
6579| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
6580| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
6581| [9] Apache HTTP Server 2.x Memory Leak Exploit
6582|
6583| OpenVAS (Nessus) - http://www.openvas.org:
6584| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
6585| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
6586| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
6587| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
6588| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
6589| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6590| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
6591| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
6592| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
6593| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
6594| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
6595| [900571] Apache APR-Utils Version Detection
6596| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
6597| [900496] Apache Tiles Multiple XSS Vulnerability
6598| [900493] Apache Tiles Version Detection
6599| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
6600| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
6601| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
6602| [870175] RedHat Update for apache RHSA-2008:0004-01
6603| [864591] Fedora Update for apache-poi FEDORA-2012-10835
6604| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
6605| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
6606| [864250] Fedora Update for apache-poi FEDORA-2012-7683
6607| [864249] Fedora Update for apache-poi FEDORA-2012-7686
6608| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
6609| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
6610| [855821] Solaris Update for Apache 1.3 122912-19
6611| [855812] Solaris Update for Apache 1.3 122911-19
6612| [855737] Solaris Update for Apache 1.3 122911-17
6613| [855731] Solaris Update for Apache 1.3 122912-17
6614| [855695] Solaris Update for Apache 1.3 122911-16
6615| [855645] Solaris Update for Apache 1.3 122912-16
6616| [855587] Solaris Update for kernel update and Apache 108529-29
6617| [855566] Solaris Update for Apache 116973-07
6618| [855531] Solaris Update for Apache 116974-07
6619| [855524] Solaris Update for Apache 2 120544-14
6620| [855494] Solaris Update for Apache 1.3 122911-15
6621| [855478] Solaris Update for Apache Security 114145-11
6622| [855472] Solaris Update for Apache Security 113146-12
6623| [855179] Solaris Update for Apache 1.3 122912-15
6624| [855147] Solaris Update for kernel update and Apache 108528-29
6625| [855077] Solaris Update for Apache 2 120543-14
6626| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
6627| [850088] SuSE Update for apache2 SUSE-SA:2007:061
6628| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
6629| [841209] Ubuntu Update for apache2 USN-1627-1
6630| [840900] Ubuntu Update for apache2 USN-1368-1
6631| [840798] Ubuntu Update for apache2 USN-1259-1
6632| [840734] Ubuntu Update for apache2 USN-1199-1
6633| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
6634| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
6635| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
6636| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
6637| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
6638| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
6639| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
6640| [835253] HP-UX Update for Apache Web Server HPSBUX02645
6641| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
6642| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
6643| [835236] HP-UX Update for Apache with PHP HPSBUX02543
6644| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
6645| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
6646| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
6647| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
6648| [835188] HP-UX Update for Apache HPSBUX02308
6649| [835181] HP-UX Update for Apache With PHP HPSBUX02332
6650| [835180] HP-UX Update for Apache with PHP HPSBUX02342
6651| [835172] HP-UX Update for Apache HPSBUX02365
6652| [835168] HP-UX Update for Apache HPSBUX02313
6653| [835148] HP-UX Update for Apache HPSBUX01064
6654| [835139] HP-UX Update for Apache with PHP HPSBUX01090
6655| [835131] HP-UX Update for Apache HPSBUX00256
6656| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
6657| [835104] HP-UX Update for Apache HPSBUX00224
6658| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
6659| [835101] HP-UX Update for Apache HPSBUX01232
6660| [835080] HP-UX Update for Apache HPSBUX02273
6661| [835078] HP-UX Update for ApacheStrong HPSBUX00255
6662| [835044] HP-UX Update for Apache HPSBUX01019
6663| [835040] HP-UX Update for Apache PHP HPSBUX00207
6664| [835025] HP-UX Update for Apache HPSBUX00197
6665| [835023] HP-UX Update for Apache HPSBUX01022
6666| [835022] HP-UX Update for Apache HPSBUX02292
6667| [835005] HP-UX Update for Apache HPSBUX02262
6668| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
6669| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
6670| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
6671| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
6672| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
6673| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
6674| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
6675| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
6676| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
6677| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
6678| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
6679| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
6680| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
6681| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
6682| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
6683| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
6684| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
6685| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
6686| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
6687| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
6688| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
6689| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
6690| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
6691| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
6692| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
6693| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
6694| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
6695| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
6696| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
6697| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
6698| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
6699| [801942] Apache Archiva Multiple Vulnerabilities
6700| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
6701| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
6702| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
6703| [801284] Apache Derby Information Disclosure Vulnerability
6704| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
6705| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
6706| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
6707| [800680] Apache APR Version Detection
6708| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
6709| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6710| [800677] Apache Roller Version Detection
6711| [800279] Apache mod_jk Module Version Detection
6712| [800278] Apache Struts Cross Site Scripting Vulnerability
6713| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
6714| [800276] Apache Struts Version Detection
6715| [800271] Apache Struts Directory Traversal Vulnerability
6716| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
6717| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
6718| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
6719| [103122] Apache Web Server ETag Header Information Disclosure Weakness
6720| [103074] Apache Continuum Cross Site Scripting Vulnerability
6721| [103073] Apache Continuum Detection
6722| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
6723| [101023] Apache Open For Business Weak Password security check
6724| [101020] Apache Open For Business HTML injection vulnerability
6725| [101019] Apache Open For Business service detection
6726| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
6727| [100923] Apache Archiva Detection
6728| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
6729| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
6730| [100813] Apache Axis2 Detection
6731| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
6732| [100795] Apache Derby Detection
6733| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
6734| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
6735| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
6736| [100514] Apache Multiple Security Vulnerabilities
6737| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6738| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6739| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6740| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6741| [72626] Debian Security Advisory DSA 2579-1 (apache2)
6742| [72612] FreeBSD Ports: apache22
6743| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
6744| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
7121| OSVDB - http://www.osvdb.org:
7122| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
7123| [96077] Apache CloudStack Global Settings Multiple Field XSS
7124| [96076] Apache CloudStack Instances Menu Display Name Field XSS
7125| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
7126| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
7127| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
7128| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
7129| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
7130| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
7131| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
7132| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
7133| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
7134| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7135| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
7532| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
7533| [59000] Apache CXF Unsigned Message Policy Bypass
7534| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
7535| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
7536| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
7537| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
7538| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
7539| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
7540| [58993] Apache Hadoop browseBlock.jsp XSS
7541| [58991] Apache Hadoop browseDirectory.jsp XSS
7542| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
7543| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
7544| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
7545| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
7546| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
7547| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
7548| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
7549| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
7550| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
7551| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
7552| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
7553| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
7554| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
7555| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
7556| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
7557| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
7558| [58974] Apache Sling /apps Script User Session Management Access Weakness
7559| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
7560| [58931] Apache Geronimo Cookie Parameters Validation Weakness
7561| [58930] Apache Xalan-C++ XPath Handling Remote DoS
7562| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
7563| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
7564| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
7565| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
7566| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
7567| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
7568| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
7569| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
7570| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
7571| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
7572| [58805] Apache Derby Unauthenticated Database / Admin Access
7573| [58804] Apache Wicket Header Contribution Unspecified Issue
7574| [58803] Apache Wicket Session Fixation
7575| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
7576| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
7577| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
7578| [58799] Apache Tapestry Logging Cleartext Password Disclosure
7579| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
7580| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
7581| [58796] Apache Jetspeed Unsalted Password Storage Weakness
7582| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
7583| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
7584| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
7585| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
7586| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
7587| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
7588| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
7589| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
7590| [58775] Apache JSPWiki preview.jsp action Parameter XSS
7591| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
7592| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
7593| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
7594| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
7595| [58770] Apache JSPWiki Group.jsp group Parameter XSS
7596| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
7597| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
7598| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
7599| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
7600| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
7601| [58763] Apache JSPWiki Include Tag Multiple Script XSS
7602| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
7603| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
7604| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
7605| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
7606| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
7607| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
7608| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
7609| [58755] Apache Harmony DRLVM Non-public Class Member Access
7610| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
7611| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
7612| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
7613| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
7614| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
7615| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
7616| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
7617| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
7618| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
7619| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
7620| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
7621| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
7622| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
7623| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
7624| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
7625| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
7626| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
7627| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
7628| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
7629| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
7630| [58725] Apache Tapestry Basic String ACL Bypass Weakness
7631| [58724] Apache Roller Logout Functionality Failure Session Persistence
7632| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
7633| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
7634| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
7635| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
7636| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
7637| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
7638| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
7639| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
7640| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
7641| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
7642| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
7643| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
7644| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
7645| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
7646| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
7647| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
7648| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
7649| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
7650| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
7651| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
7652| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
7653| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
7654| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
7655| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
7656| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
7657| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
7658| [58687] Apache Axis Invalid wsdl Request XSS
7659| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
7660| [58685] Apache Velocity Template Designer Privileged Code Execution
7661| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
7662| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
7663| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
7664| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
7665| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
7666| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
7667| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
7668| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
7669| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
7670| [58667] Apache Roller Database Cleartext Passwords Disclosure
7671| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
7672| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
7673| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
7674| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
7675| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
7676| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
7677| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
7678| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
7679| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
7680| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
7681| [56984] Apache Xerces2 Java Malformed XML Input DoS
7682| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
7683| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
7684| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
7685| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
7686| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
7687| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
7688| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
7689| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
7690| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
7691| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
7692| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
7693| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
7694| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
7695| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
7696| [55056] Apache Tomcat Cross-application TLD File Manipulation
7697| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
7698| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
7699| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
7700| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
7701| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
7702| [54589] Apache Jserv Nonexistent JSP Request XSS
7703| [54122] Apache Struts s:a / s:url Tag href Element XSS
7704| [54093] Apache ActiveMQ Web Console JMS Message XSS
7705| [53932] Apache Geronimo Multiple Admin Function CSRF
7706| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
7707| [53930] Apache Geronimo /console/portal/ URI XSS
7708| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
7709| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
7710| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
7711| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
7712| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
7713| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
7714| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
7715| [53380] Apache Struts Unspecified XSS
7716| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
7717| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
7718| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
7719| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
7720| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
7721| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
7722| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
7723| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
7724| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
7725| [51151] Apache Roller Search Function q Parameter XSS
7726| [50482] PHP with Apache php_value Order Unspecified Issue
7727| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
7728| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
7729| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
7730| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
7731| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
7732| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
7733| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
7734| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
7735| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
7736| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
7737| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
7738| [47096] Oracle Weblogic Apache Connector POST Request Overflow
7739| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
7740| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
7741| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
7742| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
7743| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
7744| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
7745| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
7746| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
7747| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
7748| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
7749| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
7750| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
7751| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
7752| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
7753| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
7754| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
7755| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
7756| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
7757| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
7758| [43452] Apache Tomcat HTTP Request Smuggling
7759| [43309] Apache Geronimo LoginModule Login Method Bypass
7760| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
7761| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
7762| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
7763| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
7764| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
7765| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
7766| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
7767| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
7768| [42091] Apache Maven Site Plugin Installation Permission Weakness
7769| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
7770| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
7771| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
7772| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
7773| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
7774| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
7775| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
7776| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
7777| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
7778| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
7779| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
7780| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
7781| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
7782| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
7783| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
7784| [40262] Apache HTTP Server mod_status refresh XSS
7785| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
7786| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
7787| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
7788| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
7789| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
7790| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
7791| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
7792| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
7793| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
7794| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
7795| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
7796| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
7797| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
7798| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
7799| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
7800| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
7801| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
7802| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
7803| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
7804| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
7805| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
7806| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
7807| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
7808| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
7809| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
7810| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
7811| [36080] Apache Tomcat JSP Examples Crafted URI XSS
7812| [36079] Apache Tomcat Manager Uploaded Filename XSS
7813| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
7814| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
7815| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
7816| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
7817| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
7818| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
7819| [34881] Apache Tomcat Malformed Accept-Language Header XSS
7820| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
7821| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
7822| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
7823| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
7824| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
7825| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
7826| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
7827| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
7828| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
7829| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
7830| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
7831| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
7832| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
7833| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
7834| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
7835| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
7836| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
7837| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
7838| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
7839| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
7840| [32724] Apache mod_python _filter_read Freed Memory Disclosure
7841| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
7842| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
7843| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
7844| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
7845| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
7846| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
7847| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
7848| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
7849| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
7850| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
7851| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
7852| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
7853| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
7854| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
7855| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
7856| [24365] Apache Struts Multiple Function Error Message XSS
7857| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
7858| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
7859| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
7860| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
7861| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
7862| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
7863| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
7864| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
7865| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
7866| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
7867| [22459] Apache Geronimo Error Page XSS
7868| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
7869| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
7870| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
7871| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
7872| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
7873| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
7874| [21021] Apache Struts Error Message XSS
7875| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
7876| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
7877| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
7878| [20439] Apache Tomcat Directory Listing Saturation DoS
7879| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
7880| [20285] Apache HTTP Server Log File Control Character Injection
7881| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
7882| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
7883| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
7884| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
7885| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
7886| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
7887| [19821] Apache Tomcat Malformed Post Request Information Disclosure
7888| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
7889| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
7890| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
7891| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
7892| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
7893| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
7894| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
7895| [18233] Apache HTTP Server htdigest user Variable Overfow
7896| [17738] Apache HTTP Server HTTP Request Smuggling
7897| [16586] Apache HTTP Server Win32 GET Overflow DoS
7898| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
7899| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
7900| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
7901| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
7902| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
7903| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
7904| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
7905| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
7906| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
7907| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
7908| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
7909| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
7910| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
7911| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
7912| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
7913| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7914| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7915| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7916| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7917| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7918| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7919| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7920| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7921| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7922| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7923| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7924| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7925| [13304] Apache Tomcat realPath.jsp Path Disclosure
7926| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7927| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7928| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7929| [12848] Apache HTTP Server htdigest realm Variable Overflow
7930| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7931| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7932| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7933| [12557] Apache HTTP Server prefork MPM accept Error DoS
7934| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7935| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7936| [12231] Apache Tomcat web.xml Arbitrary File Access
7937| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7938| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7939| [12178] Apache Jakarta Lucene results.jsp XSS
7940| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7941| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7942| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7943| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7944| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7945| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7946| [10471] Apache Xerces-C++ XML Parser DoS
7947| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7948| [10068] Apache HTTP Server htpasswd Local Overflow
7949| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7950| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7951| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7952| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7953| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7954| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7955| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7956| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7957| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7958| [9714] Apache Authentication Module Threaded MPM DoS
7959| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7960| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7961| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7962| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7963| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7964| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7965| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7966| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7967| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7968| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7969| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7970| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7971| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7972| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7973| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7974| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7975| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7976| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7977| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7978| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7979| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7980| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7981| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7982| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7983| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7984| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7985| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7986| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7987| [9208] Apache Tomcat .jsp Encoded Newline XSS
7988| [9204] Apache Tomcat ROOT Application XSS
7989| [9203] Apache Tomcat examples Application XSS
7990| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7991| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7992| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7993| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7994| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7995| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7996| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7997| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7998| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7999| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
8000| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
8001| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
8002| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
8003| [7611] Apache HTTP Server mod_alias Local Overflow
8004| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
8005| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
8006| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
8007| [6882] Apache mod_python Malformed Query String Variant DoS
8008| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
8009| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
8010| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
8011| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
8012| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
8013| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
8014| [5526] Apache Tomcat Long .JSP URI Path Disclosure
8015| [5278] Apache Tomcat web.xml Restriction Bypass
8016| [5051] Apache Tomcat Null Character DoS
8017| [4973] Apache Tomcat servlet Mapping XSS
8018| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
8019| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
8020| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
8021| [4568] mod_survey For Apache ENV Tags SQL Injection
8022| [4553] Apache HTTP Server ApacheBench Overflow DoS
8023| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
8024| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
8025| [4383] Apache HTTP Server Socket Race Condition DoS
8026| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
8027| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
8028| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
8029| [4231] Apache Cocoon Error Page Server Path Disclosure
8030| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
8031| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
8032| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
8033| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
8034| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
8035| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
8036| [3322] mod_php for Apache HTTP Server Process Hijack
8037| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
8038| [2885] Apache mod_python Malformed Query String DoS
8039| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
8040| [2733] Apache HTTP Server mod_rewrite Local Overflow
8041| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
8042| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
8043| [2149] Apache::Gallery Privilege Escalation
8044| [2107] Apache HTTP Server mod_ssl Host: Header XSS
8045| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
8046| [1833] Apache HTTP Server Multiple Slash GET Request DoS
8047| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
8048| [872] Apache Tomcat Multiple Default Accounts
8049| [862] Apache HTTP Server SSI Error Page XSS
8050| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
8051| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
8052| [845] Apache Tomcat MSDOS Device XSS
8053| [844] Apache Tomcat Java Servlet Error Page XSS
8054| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
8055| [838] Apache HTTP Server Chunked Encoding Remote Overflow
8056| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
8057| [775] Apache mod_python Module Importing Privilege Function Execution
8058| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
8059| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
8060| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
8061| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
8062| [637] Apache HTTP Server UserDir Directive Username Enumeration
8063| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
8064| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
8065| [562] Apache HTTP Server mod_info /server-info Information Disclosure
8066| [561] Apache Web Servers mod_status /server-status Information Disclosure
8067| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
8068| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
8069| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
8070| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
8071| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
8072| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
8073| [376] Apache Tomcat contextAdmin Arbitrary File Access
8074| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
8075| [222] Apache HTTP Server test-cgi Arbitrary File Access
8076| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
8077| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
8078|_
8079 110/tcp open pop3 Dovecot pop3d
8080| vulscan: VulDB - https://vuldb.com:
8081| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
8082| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
8083| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
8084| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
8085| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
8086| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
8087| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
8088| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
8089| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
8090| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
8091| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
8092| [69835] Dovecot 2.2.0/2.2.1 denial of service
8093| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
8094| [65684] Dovecot up to 2.2.6 unknown vulnerability
8095| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
8096| [63692] Dovecot up to 2.0.15 spoofing
8097| [7062] Dovecot 2.1.10 mail-search.c denial of service
8098| [57517] Dovecot up to 2.0.12 Login directory traversal
8099| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
8100| [57515] Dovecot up to 2.0.12 Crash denial of service
8101| [54944] Dovecot up to 1.2.14 denial of service
8102| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
8103| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
8104| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
8105| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
8106| [53277] Dovecot up to 1.2.10 denial of service
8107| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
8108| [45256] Dovecot up to 1.1.5 directory traversal
8109| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
8110| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8111| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8112| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
8113| [40356] Dovecot 1.0.9 Cache unknown vulnerability
8114| [38222] Dovecot 1.0.2 directory traversal
8115| [36376] Dovecot up to 1.0.x directory traversal
8116| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
8117|
8118| MITRE CVE - https://cve.mitre.org:
8119| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
8120| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
8121| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
8122| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
8123| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
8124| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
8125| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
8126| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8127| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8128| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
8129| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
8130| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
8131| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
8132| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
8133| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
8134| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
8135| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
8136| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
8137| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
8138| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
8139| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
8140| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
8141| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
8142| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
8143| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
8144| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
8145| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
8146| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
8147| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
8148| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
8149| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
8150| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
8151| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
8152| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
8153| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
8154| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
8155| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
8156|
8157| SecurityFocus - https://www.securityfocus.com/bid/:
8158| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
8159| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
8160| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
8161| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
8162| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
8163| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
8164| [67306] Dovecot Denial of Service Vulnerability
8165| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
8166| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
8167| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
8168| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
8169| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
8170| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
8171| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
8172| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
8173| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
8174| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
8175| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
8176| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
8177| [39838] tpop3d Remote Denial of Service Vulnerability
8178| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
8179| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
8180| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
8181| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
8182| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
8183| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
8184| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
8185| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
8186| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
8187| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
8188| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
8189| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
8190| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
8191| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
8192| [17961] Dovecot Remote Information Disclosure Vulnerability
8193| [16672] Dovecot Double Free Denial of Service Vulnerability
8194| [8495] akpop3d User Name SQL Injection Vulnerability
8195| [8473] Vpop3d Remote Denial Of Service Vulnerability
8196| [3990] ZPop3D Bad Login Logging Failure Vulnerability
8197| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
8198|
8199| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8200| [86382] Dovecot POP3 Service denial of service
8201| [84396] Dovecot IMAP APPEND denial of service
8202| [80453] Dovecot mail-search.c denial of service
8203| [71354] Dovecot SSL Common Name (CN) weak security
8204| [67675] Dovecot script-login security bypass
8205| [67674] Dovecot script-login directory traversal
8206| [67589] Dovecot header name denial of service
8207| [63267] Apple Mac OS X Dovecot information disclosure
8208| [62340] Dovecot mailbox security bypass
8209| [62339] Dovecot IMAP or POP3 denial of service
8210| [62256] Dovecot mailbox security bypass
8211| [62255] Dovecot ACL entry security bypass
8212| [60639] Dovecot ACL plugin weak security
8213| [57267] Apple Mac OS X Dovecot Kerberos security bypass
8214| [56763] Dovecot header denial of service
8215| [54363] Dovecot base_dir privilege escalation
8216| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
8217| [46323] Dovecot dovecot.conf information disclosure
8218| [46227] Dovecot message parsing denial of service
8219| [45669] Dovecot ACL mailbox security bypass
8220| [45667] Dovecot ACL plugin rights security bypass
8221| [41085] Dovecot TAB characters authentication bypass
8222| [41009] Dovecot mail_extra_groups option unauthorized access
8223| [39342] Dovecot LDAP auth cache configuration security bypass
8224| [35767] Dovecot ACL plugin security bypass
8225| [34082] Dovecot mbox-storage.c directory traversal
8226| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
8227| [26578] Cyrus IMAP pop3d buffer overflow
8228| [26536] Dovecot IMAP LIST information disclosure
8229| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
8230| [24709] Dovecot APPEND command denial of service
8231| [13018] akpop3d authentication code SQL injection
8232| [7345] Slackware Linux imapd and ipop3d core dump
8233| [6269] imap, ipop2d and ipop3d buffer overflows
8234| [5923] Linuxconf vpop3d symbolic link
8235| [4918] IPOP3D, Buffer overflow attack
8236| [1560] IPOP3D, user login successful
8237| [1559] IPOP3D user login to remote host successful
8238| [1525] IPOP3D, user logout
8239| [1524] IPOP3D, user auto-logout
8240| [1523] IPOP3D, user login failure
8241| [1522] IPOP3D, brute force attack
8242| [1521] IPOP3D, user kiss of death logout
8243| [418] pop3d mktemp creates insecure temporary files
8244|
8245| Exploit-DB - https://www.exploit-db.com:
8246| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
8247| [23053] Vpop3d Remote Denial of Service Vulnerability
8248| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
8249| [11893] tPop3d 1.5.3 DoS
8250| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
8251| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
8252| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
8253| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
8254|
8255| OpenVAS (Nessus) - http://www.openvas.org:
8256| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
8257| [901025] Dovecot Version Detection
8258| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
8259| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
8260| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
8261| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
8262| [870607] RedHat Update for dovecot RHSA-2011:0600-01
8263| [870471] RedHat Update for dovecot RHSA-2011:1187-01
8264| [870153] RedHat Update for dovecot RHSA-2008:0297-02
8265| [863272] Fedora Update for dovecot FEDORA-2011-7612
8266| [863115] Fedora Update for dovecot FEDORA-2011-7258
8267| [861525] Fedora Update for dovecot FEDORA-2007-664
8268| [861394] Fedora Update for dovecot FEDORA-2007-493
8269| [861333] Fedora Update for dovecot FEDORA-2007-1485
8270| [860845] Fedora Update for dovecot FEDORA-2008-9202
8271| [860663] Fedora Update for dovecot FEDORA-2008-2475
8272| [860169] Fedora Update for dovecot FEDORA-2008-2464
8273| [860089] Fedora Update for dovecot FEDORA-2008-9232
8274| [840950] Ubuntu Update for dovecot USN-1295-1
8275| [840668] Ubuntu Update for dovecot USN-1143-1
8276| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
8277| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
8278| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
8279| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
8280| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
8281| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
8282| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
8283| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
8284| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
8285| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
8286| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
8287| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
8288| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
8289| [70259] FreeBSD Ports: dovecot
8290| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
8291| [66522] FreeBSD Ports: dovecot
8292| [65010] Ubuntu USN-838-1 (dovecot)
8293| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
8294| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
8295| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
8296| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
8297| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
8298| [62854] FreeBSD Ports: dovecot-managesieve
8299| [61916] FreeBSD Ports: dovecot
8300| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
8301| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
8302| [60528] FreeBSD Ports: dovecot
8303| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
8304| [60089] FreeBSD Ports: dovecot
8305| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
8306| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
8307|
8308| SecurityTracker - https://www.securitytracker.com:
8309| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
8310| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
8311| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
8312|
8313| OSVDB - http://www.osvdb.org:
8314| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
8315| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
8316| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
8317| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
8318| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
8319| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
8320| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
8321| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
8322| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
8323| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
8324| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
8325| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
8326| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
8327| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
8328| [66113] Dovecot Mail Root Directory Creation Permission Weakness
8329| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
8330| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
8331| [66110] Dovecot Multiple Unspecified Buffer Overflows
8332| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
8333| [64783] Dovecot E-mail Message Header Unspecified DoS
8334| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
8335| [62796] Dovecot mbox Format Email Header Handling DoS
8336| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
8337| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
8338| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
8339| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
8340| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
8341| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
8342| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
8343| [43137] Dovecot mail_extra_groups Symlink File Manipulation
8344| [42979] Dovecot passdbs Argument Injection Authentication Bypass
8345| [39876] Dovecot LDAP Auth Cache Security Bypass
8346| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
8347| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
8348| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
8349| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
8350| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
8351| [23281] Dovecot imap/pop3-login dovecot-auth DoS
8352| [23280] Dovecot Malformed APPEND Command DoS
8353| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
8354| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
8355| [5857] Linux pop3d Arbitrary Mail File Access
8356| [2471] akpop3d username SQL Injection
8357|_
139/tcp closed netbios-ssn
143/tcp open imap Dovecot imapd
8360| vulscan: VulDB - https://vuldb.com:
8361| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
8362| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
8363| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
8364| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
8365| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
8366| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
8367| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
8368| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
8369| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
8370| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
8371| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
8372| [69835] Dovecot 2.2.0/2.2.1 denial of service
8373| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
8374| [65684] Dovecot up to 2.2.6 unknown vulnerability
8375| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
8376| [63692] Dovecot up to 2.0.15 spoofing
8377| [7062] Dovecot 2.1.10 mail-search.c denial of service
8378| [59792] Cyrus IMAPd 2.4.11 weak authentication
8379| [57517] Dovecot up to 2.0.12 Login directory traversal
8380| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
8381| [57515] Dovecot up to 2.0.12 Crash denial of service
8382| [54944] Dovecot up to 1.2.14 denial of service
8383| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
8384| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
8385| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
8386| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
8387| [53277] Dovecot up to 1.2.10 denial of service
8388| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
8389| [45256] Dovecot up to 1.1.5 directory traversal
8390| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
8391| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8392| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
8393| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
8394| [40356] Dovecot 1.0.9 Cache unknown vulnerability
8395| [38222] Dovecot 1.0.2 directory traversal
8396| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
8397| [36376] Dovecot up to 1.0.x directory traversal
8398| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
8399| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
8400|
8401| MITRE CVE - https://cve.mitre.org:
8402| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
8403| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
8404| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
8405| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
8406| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
8407| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
8408| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
8409| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
8410| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
8411| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
8412| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8413| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
8414| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
8415| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
8416| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
8417| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
8418| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
8419| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
8420| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
8421| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
8422| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
8423| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
8424| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
8425| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
8426| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
8427| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
8428| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
8429| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
8430| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
8431| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
8432| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
8433| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
8434| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
8435| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
8436| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
8437| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
8438| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
8439| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
8440| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
8441| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
8442| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
8443| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
8444| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
8445| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
8446| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
8447| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
8448| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
8449| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
8450| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
8451| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
8452| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
8453| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
8454| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
8455| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
8456| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
8457| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
8458| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
8459| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
8460| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
8461|
8462| SecurityFocus - https://www.securityfocus.com/bid/:
8463| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
8464| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
8465| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
8466| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
8467| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
8468| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
8469| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
8470| [67306] Dovecot Denial of Service Vulnerability
8471| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
8472| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
8473| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
8474| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
8475| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
8476| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
8477| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
8478| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
8479| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
8480| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
8481| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
8482| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
8483| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
8484| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
8485| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
8486| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
8487| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
8488| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
8489| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
8490| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
8491| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
8492| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
8493| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
8494| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
8495| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
8496| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
8497| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
8498| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
8499| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
8500| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
8501| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
8502| [17961] Dovecot Remote Information Disclosure Vulnerability
8503| [16672] Dovecot Double Free Denial of Service Vulnerability
8504| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
8505| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
8506| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
8507| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
8508| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
8509| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
8510| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
8511| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
8512| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
8513| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
8514| [130] imapd Buffer Overflow Vulnerability
8515|
8516| IBM X-Force - https://exchange.xforce.ibmcloud.com:
8517| [86382] Dovecot POP3 Service denial of service
8518| [84396] Dovecot IMAP APPEND denial of service
8519| [80453] Dovecot mail-search.c denial of service
8520| [71354] Dovecot SSL Common Name (CN) weak security
8521| [70325] Cyrus IMAPd NNTP security bypass
8522| [67675] Dovecot script-login security bypass
8523| [67674] Dovecot script-login directory traversal
8524| [67589] Dovecot header name denial of service
8525| [63267] Apple Mac OS X Dovecot information disclosure
8526| [62340] Dovecot mailbox security bypass
8527| [62339] Dovecot IMAP or POP3 denial of service
8528| [62256] Dovecot mailbox security bypass
8529| [62255] Dovecot ACL entry security bypass
8530| [60639] Dovecot ACL plugin weak security
8531| [57267] Apple Mac OS X Dovecot Kerberos security bypass
8532| [56763] Dovecot header denial of service
8533| [54363] Dovecot base_dir privilege escalation
8534| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
8535| [47526] UW-imapd rfc822_output_char() denial of service
8536| [46323] Dovecot dovecot.conf information disclosure
8537| [46227] Dovecot message parsing denial of service
8538| [45669] Dovecot ACL mailbox security bypass
8539| [45667] Dovecot ACL plugin rights security bypass
8540| [41085] Dovecot TAB characters authentication bypass
8541| [41009] Dovecot mail_extra_groups option unauthorized access
8542| [39342] Dovecot LDAP auth cache configuration security bypass
8543| [35767] Dovecot ACL plugin security bypass
8544| [34082] Dovecot mbox-storage.c directory traversal
8545| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
8546| [26536] Dovecot IMAP LIST information disclosure
8547| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
8548| [24709] Dovecot APPEND command denial of service
8549| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
8550| [19460] Cyrus IMAP imapd buffer overflow
8551| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
8552| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
8553| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
8554| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
8555| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
8556| [7345] Slackware Linux imapd and ipop3d core dump
8557| [573] Imapd denial of service
8558|
8559| Exploit-DB - https://www.exploit-db.com:
8560| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
8561| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
8562| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
8563| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
8564| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
8565| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
8566| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
8567| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
8568| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
8569| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
8570| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
8571| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
8572| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
8573| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
8574| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
8575| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
8576| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
8577| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
8578| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
8579| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
8580| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
8581| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
8582| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
8583| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
8584| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
8585| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
8586| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
8587| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
8588| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
8589| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
8590| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
8591| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
8592| [340] Linux imapd Remote Overflow File Retrieve Exploit
8593|
8594| OpenVAS (Nessus) - http://www.openvas.org:
8595| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
8596| [901025] Dovecot Version Detection
8597| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
8598| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
8599| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
8600| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
8601| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
8602| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
8603| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
8604| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
8605| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
8606| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
8607| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
8608| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
8609| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
8610| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
8611| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
8612| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
8613| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
8614| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
8615| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
8616| [870607] RedHat Update for dovecot RHSA-2011:0600-01
8617| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
8618| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
8619| [870471] RedHat Update for dovecot RHSA-2011:1187-01
8620| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
8621| [870153] RedHat Update for dovecot RHSA-2008:0297-02
8622| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
8623| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
8624| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
8625| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
8626| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
8627| [863272] Fedora Update for dovecot FEDORA-2011-7612
8628| [863115] Fedora Update for dovecot FEDORA-2011-7258
8629| [861525] Fedora Update for dovecot FEDORA-2007-664
8630| [861394] Fedora Update for dovecot FEDORA-2007-493
8631| [861333] Fedora Update for dovecot FEDORA-2007-1485
8632| [860845] Fedora Update for dovecot FEDORA-2008-9202
8633| [860663] Fedora Update for dovecot FEDORA-2008-2475
8634| [860169] Fedora Update for dovecot FEDORA-2008-2464
8635| [860089] Fedora Update for dovecot FEDORA-2008-9232
8636| [840950] Ubuntu Update for dovecot USN-1295-1
8637| [840668] Ubuntu Update for dovecot USN-1143-1
8638| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
8639| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
8640| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
8641| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
8642| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
8643| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
8644| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
8645| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
8646| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
8647| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
8648| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
8649| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
8650| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
8651| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
8652| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
8653| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
8654| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
8655| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
8656| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
8657| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
8658| [70259] FreeBSD Ports: dovecot
8659| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
8660| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
8661| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
8662| [66522] FreeBSD Ports: dovecot
8663| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
8664| [66233] SLES10: Security update for Cyrus IMAPD
8665| [66226] SLES11: Security update for Cyrus IMAPD
8666| [66222] SLES9: Security update for Cyrus IMAPD
8667| [65938] SLES10: Security update for Cyrus IMAPD
8668| [65723] SLES11: Security update for Cyrus IMAPD
8669| [65523] SLES9: Security update for Cyrus IMAPD
8670| [65479] SLES9: Security update for cyrus-imapd
8671| [65094] SLES9: Security update for cyrus-imapd
8672| [65010] Ubuntu USN-838-1 (dovecot)
8673| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
8674| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
8675| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
8676| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
8677| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
8678| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
8679| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
8680| [64898] FreeBSD Ports: cyrus-imapd
8681| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
8682| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
8683| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
8684| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
8685| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
8686| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
8687| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
8688| [62854] FreeBSD Ports: dovecot-managesieve
8689| [61916] FreeBSD Ports: dovecot
8690| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
8691| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
8692| [60528] FreeBSD Ports: dovecot
8693| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
8694| [60089] FreeBSD Ports: dovecot
8695| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
8696| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
8697| [55807] Slackware Advisory SSA:2005-310-06 imapd
8698| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
8699| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
8700| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
8701| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
8702| [52297] FreeBSD Ports: cyrus-imapd
8703| [52296] FreeBSD Ports: cyrus-imapd
8704| [52295] FreeBSD Ports: cyrus-imapd
8705| [52294] FreeBSD Ports: cyrus-imapd
8706| [52172] FreeBSD Ports: cyrus-imapd
8707|
8708| SecurityTracker - https://www.securitytracker.com:
8709| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
8710| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
8711| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
8712| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
8713|
8714| OSVDB - http://www.osvdb.org:
8715| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
8716| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
8717| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
8718| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
8719| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
8720| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
8721| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
8722| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
8723| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
8724| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
8725| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
8726| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
8727| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
8728| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
8729| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
8730| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
8731| [66113] Dovecot Mail Root Directory Creation Permission Weakness
8732| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
8733| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
8734| [66110] Dovecot Multiple Unspecified Buffer Overflows
8735| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
8736| [64783] Dovecot E-mail Message Header Unspecified DoS
8737| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
8738| [62796] Dovecot mbox Format Email Header Handling DoS
8739| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
8740| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
8741| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
8742| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
8743| [52906] UW-imapd c-client Initial Request Remote Format String
8744| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
8745| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
8746| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
8747| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
8748| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
8749| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
8750| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
8751| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
8752| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
8753| [43137] Dovecot mail_extra_groups Symlink File Manipulation
8754| [42979] Dovecot passdbs Argument Injection Authentication Bypass
8755| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
8756| [39876] Dovecot LDAP Auth Cache Security Bypass
8757| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
8758| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
8759| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
8760| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
8761| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
8762| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
8763| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
8764| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
8765| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
8766| [23281] Dovecot imap/pop3-login dovecot-auth DoS
8767| [23280] Dovecot Malformed APPEND Command DoS
8768| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
8769| [13242] UW-imapd CRAM-MD5 Authentication Bypass
8770| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
8771| [12042] UoW imapd Multiple Unspecified Overflows
8772| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
8773| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
8774| [911] UoW imapd AUTHENTICATE Command Remote Overflow
8775| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
8776| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
|_
443/tcp open ssl/http Apache httpd
|_hnap-info: ERROR: Script execution failed (use -d to debug)
|_http-server-header: Apache
|_http-trane-info: ERROR: Script execution failed (use -d to debug)
8782| vulscan: VulDB - https://vuldb.com:
8783| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
8784| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
8785| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
8786| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
8787| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
8788| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
8789| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
8790| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
8791| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
8792| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
8793| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
8794| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
8795| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
8796| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
8797| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
8798| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
8799| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
8800| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
8801| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
8802| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
8803| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
8804| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
8805| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
8806| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
8807| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
8808| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
8809| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
8810| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
8811| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
8812| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
8813| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
8814| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
8815| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8816| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8817| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
8818| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8819| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
8820| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
8821| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
8822| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
8823| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8824| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8825| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
8826| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
8827| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
8828| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8829| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8830| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
8831| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
8832| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8833| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8834| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
8835| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
8836| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
8837| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
8838| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
8839| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
8840| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
8841| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
8842| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
8843| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
8844| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8845| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8846| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
8847| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
8848| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8849| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
8850| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
8851| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
8852| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
8853| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
8854| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
8855| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
8856| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
8857| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
8858| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
8859| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
8860| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
8861| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
8862| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
8863| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
8864| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
8865| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
8866| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
8867| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
8868| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
8869| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
8870| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
8871| [136370] Apache Fineract up to 1.2.x sql injection
8872| [136369] Apache Fineract up to 1.2.x sql injection
8873| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
8874| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
8875| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
8876| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
8877| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
8878| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
8879| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
8880| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
8881| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
8882| [134416] Apache Sanselan 0.97-incubator Loop denial of service
8883| [134415] Apache Sanselan 0.97-incubator Hang denial of service
8884| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
8885| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
8886| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8887| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8888| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
8889| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
8890| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
8891| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
8892| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
8893| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
8894| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
8895| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
8896| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
8897| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
8898| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
8899| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
8900| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
8901| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
8902| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
8903| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
8904| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
8905| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
8906| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
8907| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
8908| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
8909| [131859] Apache Hadoop up to 2.9.1 privilege escalation
8910| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
8911| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
8912| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
8913| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
8914| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
8915| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
8916| [130629] Apache Guacamole Cookie Flag weak encryption
8917| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
8918| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
8919| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
8920| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
8921| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
8922| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
8923| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
8924| [130123] Apache Airflow up to 1.8.2 information disclosure
8925| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
9332| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
9333| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
9334| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
9335| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
9336| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
9337| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
9338| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
9339| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
9340| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
9341| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
9342| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
9343| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
9344| [103352] Apache Solr Node weak authentication
9345| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
9346| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
9347| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
9348| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
9349| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
9350| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
9351| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
9352| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
9353| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
9354| [102536] Apache Ranger up to 0.6 Stored cross site scripting
9355| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
9356| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
9709| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
9710| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
9711| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
9712| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
9713| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
9714| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
9715| [70809] Apache POI up to 3.11 Crash denial of service
9716| [70808] Apache POI up to 3.10 unknown vulnerability
9717| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
9718| [70749] Apache Axis up to 1.4 getCN spoofing
9719| [70701] Apache Traffic Server up to 3.3.5 denial of service
9720| [70700] Apache OFBiz up to 12.04.03 cross site scripting
9721| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
9722| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
9723| [70661] Apache Subversion up to 1.6.17 denial of service
9724| [70660] Apache Subversion up to 1.6.17 spoofing
9725| [70659] Apache Subversion up to 1.6.17 spoofing
9726| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
9727| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
9728| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
9729| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
9730| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
9731| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
9732| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
9733| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
9734| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
9735| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
9736| [69846] Apache HBase up to 0.94.8 information disclosure
9737| [69783] Apache CouchDB up to 1.2.0 memory corruption
9738| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
9739| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
9740| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
9741| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
9742| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
9743| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
9744| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
9745| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
9746| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
9747| [69431] Apache Archiva up to 1.3.6 cross site scripting
9748| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
9749| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
9750| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
9751| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
9752| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
9753| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
9754| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
9755| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
9756| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
9757| [66739] Apache Camel up to 2.12.2 unknown vulnerability
9758| [66738] Apache Camel up to 2.12.2 unknown vulnerability
9759| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
9760| [66695] Apache CouchDB up to 1.2.0 cross site scripting
9761| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
9762| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
9763| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
9764| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
9765| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
9766| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
9767| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
9768| [66356] Apache Wicket up to 6.8.0 information disclosure
9769| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
9770| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
9771| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9772| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
9773| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
9774| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9775| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9776| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
9777| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
9778| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
9779| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
9780| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
9781| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
9782| [65668] Apache Solr 4.0.0 Updater denial of service
9783| [65665] Apache Solr up to 4.3.0 denial of service
9784| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
9785| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
9786| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
9787| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
9788| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
9789| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
9790| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
9791| [65410] Apache Struts 2.3.15.3 cross site scripting
9792| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
9793| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
9794| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
9795| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
9796| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
9797| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
9798| [65340] Apache Shindig 2.5.0 information disclosure
9799| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
9800| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
9801| [10826] Apache Struts 2 File privilege escalation
9802| [65204] Apache Camel up to 2.10.1 unknown vulnerability
9803| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
9804| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
9805| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
9806| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
9807| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
9808| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
9809| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
9810| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
9811| [64722] Apache XML Security for C++ Heap-based memory corruption
9812| [64719] Apache XML Security for C++ Heap-based memory corruption
9813| [64718] Apache XML Security for C++ verify denial of service
9814| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
9815| [64716] Apache XML Security for C++ spoofing
9816| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
9817| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
9818| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
9819| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
9820| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
9821| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
9822| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
9823| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
9824| [64485] Apache Struts up to 2.2.3.0 privilege escalation
9825| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
9826| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
9827| [64467] Apache Geronimo 3.0 memory corruption
9828| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
9829| [64457] Apache Struts up to 2.2.3.0 cross site scripting
9830| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
9831| [9184] Apache Qpid up to 0.20 SSL misconfiguration
9832| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
9833| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
9834| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
9835| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
9836| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
9837| [8873] Apache Struts 2.3.14 privilege escalation
9838| [8872] Apache Struts 2.3.14 privilege escalation
9839| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
9840| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
9841| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
9842| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
9843| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
9844| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9845| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9846| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
9847| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
9848| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
9849| [64006] Apache ActiveMQ up to 5.7.0 denial of service
9850| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
9851| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
9852| [8427] Apache Tomcat Session Transaction weak authentication
9853| [63960] Apache Maven 3.0.4 Default Configuration spoofing
9854| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
9855| [63750] Apache qpid up to 0.20 checkAvailable denial of service
9856| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
9857| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
9858| [63747] Apache Rave up to 0.20 User Account information disclosure
9859| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
9860| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
9861| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
9862| [7687] Apache CXF up to 2.7.2 Token weak authentication
9863| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9864| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9865| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
9866| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
9867| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
9868| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
9869| [63090] Apache Tomcat up to 4.1.24 denial of service
9870| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
9871| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
9872| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
9873| [62833] Apache CXF -/2.6.0 spoofing
9874| [62832] Apache Axis2 up to 1.6.2 spoofing
9875| [62831] Apache Axis up to 1.4 Java Message Service spoofing
9876| [62830] Apache Commons-httpclient 3.0 Payments spoofing
9877| [62826] Apache Libcloud up to 0.11.0 spoofing
9878| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
9879| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
9880| [62661] Apache Axis2 unknown vulnerability
9881| [62658] Apache Axis2 unknown vulnerability
9882| [62467] Apache Qpid up to 0.17 denial of service
9883| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
9884| [6301] Apache HTTP Server mod_pagespeed cross site scripting
9885| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
9886| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
9887| [62035] Apache Struts up to 2.3.4 denial of service
9888| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
9889| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
9890| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
9891| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
9892| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
9893| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
9894| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
9895| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
9896| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
9897| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
9898| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
9899| [61229] Apache Sling up to 2.1.1 denial of service
9900| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
9901| [61094] Apache Roller up to 5.0 cross site scripting
9902| [61093] Apache Roller up to 5.0 cross site request forgery
9903| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
9904| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
9905| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
9906| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
9907| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
9908| [60708] Apache Qpid 0.12 unknown vulnerability
9909| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
9910| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
9911| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
9912| [4882] Apache Wicket up to 1.5.4 directory traversal
9913| [4881] Apache Wicket up to 1.4.19 cross site scripting
9914| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
9915| [60352] Apache Struts up to 2.2.3 memory corruption
9916| [60153] Apache Portable Runtime up to 1.4.3 denial of service
9917| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
9918| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
9919| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
9920| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
9921| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
9922| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
9923| [4571] Apache Struts up to 2.3.1.2 privilege escalation
9924| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
9925| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
9926| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
9927| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
9928| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
9929| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
9930| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9931| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
9932| [59888] Apache Tomcat up to 6.0.6 denial of service
9933| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
9934| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
9935| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
9936| [59850] Apache Geronimo up to 2.2.1 denial of service
9937| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
9938| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
9939| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
9940| [58413] Apache Tomcat up to 6.0.10 spoofing
9941| [58381] Apache Wicket up to 1.4.17 cross site scripting
9942| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
9943| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
9944| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
9945| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
9946| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9947| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
9948| [57568] Apache Archiva up to 1.3.4 cross site scripting
9949| [57567] Apache Archiva up to 1.3.4 cross site request forgery
9950| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
9951| [4355] Apache HTTP Server APR apr_fnmatch denial of service
9952| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
9953| [57425] Apache Struts up to 2.2.1.1 cross site scripting
9954| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
9955| [57025] Apache Tomcat up to 7.0.11 information disclosure
9956| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
9957| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
9958| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9959| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
9960| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
9961| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
9962| [56512] Apache Continuum up to 1.4.0 cross site scripting
9963| [4285] Apache Tomcat 5.x JVM getLocale denial of service
9964| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
9965| [4283] Apache Tomcat 5.x ServletContect privilege escalation
9966| [56441] Apache Tomcat up to 7.0.6 denial of service
9967| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
9968| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
9969| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
9970| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
9971| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
9972| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
9973| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
9974| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
9975| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
9976| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
9977| [54693] Apache Traffic Server DNS Cache unknown vulnerability
9978| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
9979| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
9980| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
9981| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
9982| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
9983| [54012] Apache Tomcat up to 6.0.10 denial of service
9984| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
9985| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
9986| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
9987| [52894] Apache Tomcat up to 6.0.7 information disclosure
9988| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
9989| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
9990| [52786] Apache Open For Business Project up to 09.04 cross site scripting
9991| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
9992| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
9993| [52584] Apache CouchDB up to 0.10.1 information disclosure
9994| [51757] Apache HTTP Server 2.0.44 cross site scripting
9995| [51756] Apache HTTP Server 2.0.44 spoofing
9996| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
9997| [51690] Apache Tomcat up to 6.0 directory traversal
9998| [51689] Apache Tomcat up to 6.0 information disclosure
9999| [51688] Apache Tomcat up to 6.0 directory traversal
10000| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
10001| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
10002| [50626] Apache Solr 1.0.0 cross site scripting
10003| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
10004| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
10005| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
10006| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
10007| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
10008| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
10009| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
10010| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
10011| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
10012| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
10013| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
10014| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
10015| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
10016| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
10017| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
10018| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
10019| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
10020| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
10021| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
10022| [47214] Apachefriends xampp 1.6.8 spoofing
10023| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
10024| [47162] Apachefriends XAMPP 1.4.4 weak authentication
10025| [47065] Apache Tomcat 4.1.23 cross site scripting
10026| [46834] Apache Tomcat up to 5.5.20 cross site scripting
10027| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
10028| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
10029| [86625] Apache Struts directory traversal
10030| [44461] Apache Tomcat up to 5.5.0 information disclosure
10031| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
10032| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
10033| [43663] Apache Tomcat up to 6.0.16 directory traversal
10034| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
10035| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
10036| [43516] Apache Tomcat up to 4.1.20 directory traversal
10037| [43509] Apache Tomcat up to 6.0.13 cross site scripting
10038| [42637] Apache Tomcat up to 6.0.16 cross site scripting
10039| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
10040| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
10041| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
10042| [40924] Apache Tomcat up to 6.0.15 information disclosure
10043| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
10044| [40922] Apache Tomcat up to 6.0 information disclosure
10045| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
10046| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
10047| [40656] Apache Tomcat 5.5.20 information disclosure
10048| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
10049| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
10050| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
10051| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
10052| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
10053| [40234] Apache Tomcat up to 6.0.15 directory traversal
10054| [40221] Apache HTTP Server 2.2.6 information disclosure
10055| [40027] David Castro Apache Authcas 0.4 sql injection
10056| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
10057| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
10058| [3414] Apache Tomcat WebDAV Stored privilege escalation
10059| [39489] Apache Jakarta Slide up to 2.1 directory traversal
10060| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
10061| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
10062| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
10063| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
10064| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
10065| [38524] Apache Geronimo 2.0 unknown vulnerability
10066| [3256] Apache Tomcat up to 6.0.13 cross site scripting
10067| [38331] Apache Tomcat 4.1.24 information disclosure
10068| [38330] Apache Tomcat 4.1.24 information disclosure
10069| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
10216| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
10217| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
10218| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
10219| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
10220| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
10221| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
10222| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
10223| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
10224| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
10225| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10226| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
10227| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
10228| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
10229| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
10230| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
10231| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
10232| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
10233| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
10234| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
10235| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
10236| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
10237| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
10238| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
10239| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
10240| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
10241| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
10242| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
10243| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
10244| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
10245| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
10246| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
10247| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
10248| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
10249| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
10250| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
10251| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
10252| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
10253| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
10254| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
10255| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
10256| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
10257| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
10258| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
10259| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
10260| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
10261| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
10262| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
10263| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
10264| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10265| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
10266| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
10267| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
10268| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
10269| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
10270| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
10271| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
10272| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
10273| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
10274| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
10275| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
10276| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
10277| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
10278| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
10279| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
10280| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10281| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
10282| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
10283| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
10284| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
10285| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
10286| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
10287| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
10288| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
10289| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
10290| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
10291| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
10292| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
10293| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
10294| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
10396| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
10397| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
10398| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
10399| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
10400| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
10401| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
10402| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
10403| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
10404| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
10405| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
10406| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10407| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
10408| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
10409| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
10410| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
10411| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
10412| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
10413| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
10414| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
10415| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
10416| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
10417| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
10418| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
10419| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
10420| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10421| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
10422| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
10423| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
10424| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
10425| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
10426| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
10427| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
10428| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
10429| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
10430| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
10431| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
10432| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
10433| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
10434| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
10435| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
10436| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
10437| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
10438| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
10439| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
10440| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
10441| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
10442| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
10443| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
10444| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
10445| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
10446| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
10447| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
10448| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10449| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10450| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
10451| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
10452| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
10453| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10454| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
10455| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
10456| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
10457| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
10458| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
10459| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
10460| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
10461| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
10462| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
10463| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
10464| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
10465| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
10466| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10467| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10468| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10469| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10470| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10471| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10472| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10473| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10474| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10475| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10476| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10477| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
10478| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10479| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10480| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10481| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10482| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10483| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10484| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10485| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10486| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10487| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10488| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10489| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10490| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10491| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10492| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10493| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10494| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10495| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10496| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10497| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10498| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10499| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10500| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10501| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10502| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10503| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10504| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10505| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10506| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10507| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10508| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10509| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10510| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10511| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10512| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10513| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10514| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10515| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10516| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10517| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10518| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10519| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10520| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10521| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10522| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
10523| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10524| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10525| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10526| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10527| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10528| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10529| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
10530| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
10531| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
10532| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
10533| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
10534| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
10535| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
10536| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
10537| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
10538| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
10539| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
10540| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
10541| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
10542| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
10543| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10544| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10545| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10546| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
10547| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
10548| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
10549| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
10550| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
10551| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
10552| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
10553| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
10554| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
10555| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
10556| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
10557| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
10558| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
10559| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
10560| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
10561| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10562| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10563| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
10564| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
10565| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10566| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
10567| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
10568| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
10569| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
10570| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
10571| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
10572| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
10573| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
10574| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
10575| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
10576| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
10577| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
10578| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
10579| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
10580| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10581| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
10582| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
10583| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
10584| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
10585| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
10586| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10587| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
10588| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10589| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10590| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
10591| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
10592| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
10593| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
10594| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
10595| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
10596| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
10597| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
10598| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
10599| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
10600| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
10601| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
10602| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
10603| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
10604| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
10605| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
10606| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
10607| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
10608| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
10609| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
10610| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
10611| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
10612| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
10613| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
10614| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
10615| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
10616| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
10617| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
10618| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
10619| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
10620| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
10621| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
10622| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
10623| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
10624| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
10625| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
10626| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
10627| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
10628| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
10629| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
10630| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
10631| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
10632| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
10633| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
10634| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
10635| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10636| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
10637| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
10638| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
10639| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
10640| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
10641| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
10642| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
10643| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
10644| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
10645| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
10646| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
10647| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
10648| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
10649| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
10650| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
10651| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
10652| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
10653| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
10654| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
10655| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
10656| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
10657| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
10658| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
10659| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
10660| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
10661| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
10662| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
10663| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
10664| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
10665| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
10666| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
10667| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
10668| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
10669| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
10670| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
10671| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
10672| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
10673| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
10674| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
10675| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10676| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10677| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
10678| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
10679| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
10680| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
10681| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
10682| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
10683| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
10684| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10685| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
10686| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
10687| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
10688| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
10689| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10690| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
10691| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
10692| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
10693| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
10694| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
10695| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
10696| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
10697| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10698| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
10699| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
10700| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
10701| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
10702| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
10703| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
10704| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
10705| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
10706| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
10707| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
10708| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
10709| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
10710|
10711| SecurityFocus - https://www.securityfocus.com/bid/:
| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
11139| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
11140| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
11141| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
11142| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
11143| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
11144| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
11145| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
11146| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
11147| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
11148| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
11149| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
11150| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
11151| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
11152| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
11153| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
11154| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
11155| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
11156| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
11157| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
11158| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
11159| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
11160| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
11161| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
11162| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
11163| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
11164| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
11165| [68229] Apache Harmony PRNG Entropy Weakness
11166| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
11167| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
11168| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
11169| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
11170| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
11171| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
11172| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
11173| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
11174| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
11175| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
11176| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
11177| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
11178| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
11179| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
11180| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
11181| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
11182| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
11183| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
11184| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
11185| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
11186| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
11187| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
11188| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
11189| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
11190| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
11191| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
11192| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
11193| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
11194| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
11195| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
11196| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
11197| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
11198| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
11199| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
11200| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
11201| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
11202| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
11203| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
11204| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
11205| [64780] Apache CloudStack Unauthorized Access Vulnerability
11206| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
11207| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
11208| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
11209| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
11210| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
11211| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
11212| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
11213| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
11214| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
11215| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
11216| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
11217| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11218| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
11219| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
11220| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
11221| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
11222| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
11223| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
11224| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
11225| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
11226| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
11227| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
11228| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
11229| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
11230| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
11231| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
11232| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
11233| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
11234| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
11235| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
11236| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
11237| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
11238| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
11239| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
11240| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
11241| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
11242| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
11243| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
11244| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
11245| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
11246| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
11247| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
11248| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
11249| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
11250| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
11251| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
11252| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
11253| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
11254| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
11255| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
11256| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
11257| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
11258| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
11259| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
11260| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
11261| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
11262| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
11263| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
11264| [59670] Apache VCL Multiple Input Validation Vulnerabilities
11265| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
11266| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
11267| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
11268| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
11269| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
11270| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
11271| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
11272| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
11273| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
11274| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
11275| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
11276| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
11277| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
11278| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
11279| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
11280| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
11281| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
11282| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
11283| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
11284| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
11285| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
11286| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
11287| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
11288| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
11289| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
11290| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
11291| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
11292| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
11293| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
11294| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
11295| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
11296| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
11297| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
11298| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
11299| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
11300| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
11301| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
11302| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
11303| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
11304| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
11305| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
11306| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
11307| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
11308| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
11309| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
11310| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
11311| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
11312| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
11313| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
11314| [54798] Apache Libcloud Man In The Middle Vulnerability
11315| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
11316| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
11317| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
11318| [54189] Apache Roller Cross Site Request Forgery Vulnerability
11319| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
11320| [53880] Apache CXF Child Policies Security Bypass Vulnerability
11321| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
11322| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
11323| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
11324| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
11325| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
11326| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
11327| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
11328| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11329| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
11330| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
11331| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
11332| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
11333| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
11334| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
11335| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
11336| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
11337| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
11338| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
11339| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
11340| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
11341| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11342| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11343| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
11344| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
11345| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
11346| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
11347| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
11348| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
11349| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
11350| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11351| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
11352| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
11353| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
11354| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
11355| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11356| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11357| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
11358| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
11359| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11360| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
11361| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
11362| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
11363| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
11364| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
11365| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
11366| [49290] Apache Wicket Cross Site Scripting Vulnerability
11367| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
11368| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
11369| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
11370| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
11371| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
11372| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
11373| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
11374| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11375| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
11376| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
11377| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
11378| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
11379| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
11380| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
11381| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
11382| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
11383| [46953] Apache MPM-ITK Module Security Weakness
11384| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
11385| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
11386| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
11387| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
11388| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
11389| [46166] Apache Tomcat JVM Denial of Service Vulnerability
11390| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
11391| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11392| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
11393| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
11394| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
11395| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
11396| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
11397| [44616] Apache Shiro Directory Traversal Vulnerability
11398| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
11399| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
11400| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
11401| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
11402| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
11403| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11404| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
11405| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
11406| [42492] Apache CXF XML DTD Processing Security Vulnerability
11407| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
11408| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11409| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11410| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
11411| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
11412| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11413| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
11414| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
11415| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
11416| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11417| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11418| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
11419| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
11420| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11421| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
11422| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
11423| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
11424| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
11425| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
11426| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
11427| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
11428| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
11429| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
11430| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
11431| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
11432| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
11433| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
11434| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
11435| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
11436| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
11437| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11438| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
11439| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
11440| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
11441| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
11442| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11443| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
11444| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
11445| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
11446| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
11447| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
11448| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11449| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11450| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
11451| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
11452| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
11453| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
11454| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
11455| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
11456| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11457| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
11458| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
11459| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11460| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
11461| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
11462| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
11463| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
11464| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
11465| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
11466| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
11467| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11468| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
11469| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
11470| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
11471| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
11472| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
11473| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
11474| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
11475| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
11476| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
11477| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11478| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
11479| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11480| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
11481| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11482| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
11483| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
11484| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11485| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11486| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
11487| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
11488| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
11489| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
11490| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
11491| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
11492| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
11493| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
11494| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
11495| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11496| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
11497| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
11498| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
11499| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
11500| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
11501| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
11502| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
11503| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
11504| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
11505| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
11506| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
11507| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
11508| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
11509| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11510| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
11511| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
11512| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
11513| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11514| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
11515| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
11516| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
11517| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
11518| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
11519| [20527] Apache Mod_TCL Remote Format String Vulnerability
11520| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
11521| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
11522| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
11523| [19106] Apache Tomcat Information Disclosure Vulnerability
11524| [18138] Apache James SMTP Denial Of Service Vulnerability
11525| [17342] Apache Struts Multiple Remote Vulnerabilities
11526| [17095] Apache Log4Net Denial Of Service Vulnerability
11527| [16916] Apache mod_python FileSession Code Execution Vulnerability
11528| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
11529| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
11530| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
11531| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
11532| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
11533| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
11534| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
11535| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
11536| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
11537| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
11538| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
11539| [15177] PHP Apache 2 Local Denial of Service Vulnerability
11540| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
11541| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
11542| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
11543| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11544| [14106] Apache HTTP Request Smuggling Vulnerability
11545| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
11546| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
11547| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
11548| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
11549| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
11550| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
11551| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
11552| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
11553| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
11554| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
11555| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
11556| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
11557| [11471] Apache mod_include Local Buffer Overflow Vulnerability
11558| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
11559| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
11560| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
11561| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
11562| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11563| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
11564| [11094] Apache mod_ssl Denial Of Service Vulnerability
11565| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
11566| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11567| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11568| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11569| [10478] ClueCentral Apache Suexec Patch Security Weakness
11570| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11571| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11572| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11573| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11574| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11575| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11576| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11577| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11578| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11579| [9733] Apache Cygwin Directory Traversal Vulnerability
11580| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11581| [9590] Apache-SSL Client Certificate Forging Vulnerability
11582| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11583| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11584| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11585| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11586| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11587| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11588| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11589| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11590| [8898] Red Hat Apache Directory Index Default Configuration Error
11591| [8883] Apache Cocoon Directory Traversal Vulnerability
11592| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11593| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11594| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11595| [8707] Apache htpasswd Password Entropy Weakness
11596| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11597| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11598| [8226] Apache HTTP Server Multiple Vulnerabilities
11599| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11600| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11601| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11602| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
11603| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
11604| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
11605| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
11606| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
11607| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
11608| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
11609| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
11610| [7255] Apache Web Server File Descriptor Leakage Vulnerability
11611| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11612| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
11613| [6939] Apache Web Server ETag Header Information Disclosure Weakness
11614| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
11615| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
11616| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
11617| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
11618| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
11619| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
11620| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
11621| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
11622| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
11623| [6117] Apache mod_php File Descriptor Leakage Vulnerability
11624| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
11625| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
11626| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
11627| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
11628| [5992] Apache HTDigest Insecure Temporary File Vulnerability
11629| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
11630| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
11631| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
11632| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
11633| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
11634| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11635| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
11636| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
11637| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
11638| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
11639| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11640| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
11641| [5485] Apache 2.0 Path Disclosure Vulnerability
11642| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11643| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
11644| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
11645| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
11646| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
11647| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
11648| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
11649| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
11650| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
11651| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
11652| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
11653| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
11654| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
11655| [4437] Apache Error Message Cross-Site Scripting Vulnerability
11656| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
11657| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
11658| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
11659| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
11660| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
11661| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
11662| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
11663| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
11664| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
11665| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
11666| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
11667| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
11668| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
11669| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
11670| [3596] Apache Split-Logfile File Append Vulnerability
11671| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
11672| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
11673| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
11674| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
11675| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
11676| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
11677| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
11678| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
11679| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
11680| [3169] Apache Server Address Disclosure Vulnerability
11681| [3009] Apache Possible Directory Index Disclosure Vulnerability
11682| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
11683| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
11684| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
11685| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
11686| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
11687| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
11688| [2216] Apache Web Server DoS Vulnerability
11689| [2182] Apache /tmp File Race Vulnerability
11690| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
11691| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
11692| [1821] Apache mod_cookies Buffer Overflow Vulnerability
11693| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
11694| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
11695| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
11696| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
11697| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
11698| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
11699| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
11700| [1457] Apache::ASP source.asp Example Script Vulnerability
11701| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
11702| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
11703|
11704| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11705| [86258] Apache CloudStack text fields cross-site scripting
11706| [85983] Apache Subversion mod_dav_svn module denial of service
11707| [85875] Apache OFBiz UEL code execution
11708| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
11709| [85871] Apache HTTP Server mod_session_dbd unspecified
11710| [85756] Apache Struts OGNL expression command execution
11711| [85755] Apache Struts DefaultActionMapper class open redirect
11712| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
11713| [85574] Apache HTTP Server mod_dav denial of service
11714| [85573] Apache Struts Showcase App OGNL code execution
11715| [85496] Apache CXF denial of service
11716| [85423] Apache Geronimo RMI classloader code execution
11717| [85326] Apache Santuario XML Security for C++ buffer overflow
11718| [85323] Apache Santuario XML Security for Java spoofing
11719| [85319] Apache Qpid Python client SSL spoofing
11720| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
11721| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
11722| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
11723| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
11724| [84952] Apache Tomcat CVE-2012-3544 denial of service
11725| [84763] Apache Struts CVE-2013-2135 security bypass
11726| [84762] Apache Struts CVE-2013-2134 security bypass
11727| [84719] Apache Subversion CVE-2013-2088 command execution
11728| [84718] Apache Subversion CVE-2013-2112 denial of service
11729| [84717] Apache Subversion CVE-2013-1968 denial of service
11730| [84577] Apache Tomcat security bypass
11731| [84576] Apache Tomcat symlink
11732| [84543] Apache Struts CVE-2013-2115 security bypass
11733| [84542] Apache Struts CVE-2013-1966 security bypass
11734| [84154] Apache Tomcat session hijacking
11735| [84144] Apache Tomcat denial of service
11736| [84143] Apache Tomcat information disclosure
11737| [84111] Apache HTTP Server command execution
11738| [84043] Apache Virtual Computing Lab cross-site scripting
11739| [84042] Apache Virtual Computing Lab cross-site scripting
11740| [83782] Apache CloudStack information disclosure
11741| [83781] Apache CloudStack security bypass
11742| [83720] Apache ActiveMQ cross-site scripting
11743| [83719] Apache ActiveMQ denial of service
11744| [83718] Apache ActiveMQ denial of service
11745| [83263] Apache Subversion denial of service
11746| [83262] Apache Subversion denial of service
11747| [83261] Apache Subversion denial of service
11748| [83259] Apache Subversion denial of service
11749| [83035] Apache mod_ruid2 security bypass
11750| [82852] Apache Qpid federation_tag security bypass
11751| [82851] Apache Qpid qpid::framing::Buffer denial of service
11752| [82758] Apache Rave User RPC API information disclosure
11753| [82663] Apache Subversion svn_fs_file_length() denial of service
11754| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
11755| [82641] Apache Qpid AMQP denial of service
11756| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
11757| [82618] Apache Commons FileUpload symlink
11758| [82360] Apache HTTP Server manager interface cross-site scripting
11759| [82359] Apache HTTP Server hostnames cross-site scripting
11760| [82338] Apache Tomcat log/logdir information disclosure
11761| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
11762| [82268] Apache OpenJPA deserialization command execution
11763| [81981] Apache CXF UsernameTokens security bypass
11764| [81980] Apache CXF WS-Security security bypass
11765| [81398] Apache OFBiz cross-site scripting
11766| [81240] Apache CouchDB directory traversal
11767| [81226] Apache CouchDB JSONP code execution
11768| [81225] Apache CouchDB Futon user interface cross-site scripting
11769| [81211] Apache Axis2/C SSL spoofing
11770| [81167] Apache CloudStack DeployVM information disclosure
11771| [81166] Apache CloudStack AddHost API information disclosure
11772| [81165] Apache CloudStack createSSHKeyPair API information disclosure
11773| [80518] Apache Tomcat cross-site request forgery security bypass
11774| [80517] Apache Tomcat FormAuthenticator security bypass
11775| [80516] Apache Tomcat NIO denial of service
11776| [80408] Apache Tomcat replay-countermeasure security bypass
11777| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
11778| [80317] Apache Tomcat slowloris denial of service
11779| [79984] Apache Commons HttpClient SSL spoofing
11780| [79983] Apache CXF SSL spoofing
11781| [79830] Apache Axis2/Java SSL spoofing
11782| [79829] Apache Axis SSL spoofing
11783| [79809] Apache Tomcat DIGEST security bypass
11784| [79806] Apache Tomcat parseHeaders() denial of service
11785| [79540] Apache OFBiz unspecified
11786| [79487] Apache Axis2 SAML security bypass
11787| [79212] Apache Cloudstack code execution
11788| [78734] Apache CXF SOAP Action security bypass
11789| [78730] Apache Qpid broker denial of service
11790| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
11791| [78563] Apache mod_pagespeed module unspecified cross-site scripting
11792| [78562] Apache mod_pagespeed module security bypass
11793| [78454] Apache Axis2 security bypass
11794| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
11795| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
11796| [78321] Apache Wicket unspecified cross-site scripting
11797| [78183] Apache Struts parameters denial of service
11798| [78182] Apache Struts cross-site request forgery
11799| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
11800| [77987] mod_rpaf module for Apache denial of service
11801| [77958] Apache Struts skill name code execution
11802| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
11803| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
11804| [77568] Apache Qpid broker security bypass
11805| [77421] Apache Libcloud spoofing
11806| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
11807| [77046] Oracle Solaris Apache HTTP Server information disclosure
11808| [76837] Apache Hadoop information disclosure
11809| [76802] Apache Sling CopyFrom denial of service
11810| [76692] Apache Hadoop symlink
11811| [76535] Apache Roller console cross-site request forgery
11812| [76534] Apache Roller weblog cross-site scripting
11813| [76152] Apache CXF elements security bypass
11814| [76151] Apache CXF child policies security bypass
11815| [75983] MapServer for Windows Apache file include
11816| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
11817| [75558] Apache POI denial of service
11818| [75545] PHP apache_request_headers() buffer overflow
11819| [75302] Apache Qpid SASL security bypass
11820| [75211] Debian GNU/Linux apache 2 cross-site scripting
11821| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
11822| [74871] Apache OFBiz FlexibleStringExpander code execution
11823| [74870] Apache OFBiz multiple cross-site scripting
11824| [74750] Apache Hadoop unspecified spoofing
11825| [74319] Apache Struts XSLTResult.java file upload
11826| [74313] Apache Traffic Server header buffer overflow
11827| [74276] Apache Wicket directory traversal
11828| [74273] Apache Wicket unspecified cross-site scripting
11829| [74181] Apache HTTP Server mod_fcgid module denial of service
11830| [73690] Apache Struts OGNL code execution
11831| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
11832| [73100] Apache MyFaces in directory traversal
11833| [73096] Apache APR hash denial of service
11834| [73052] Apache Struts name cross-site scripting
11835| [73030] Apache CXF UsernameToken security bypass
11836| [72888] Apache Struts lastName cross-site scripting
11837| [72758] Apache HTTP Server httpOnly information disclosure
11838| [72757] Apache HTTP Server MPM denial of service
11839| [72585] Apache Struts ParameterInterceptor security bypass
11840| [72438] Apache Tomcat Digest security bypass
11841| [72437] Apache Tomcat Digest security bypass
11842| [72436] Apache Tomcat DIGEST security bypass
11843| [72425] Apache Tomcat parameter denial of service
11844| [72422] Apache Tomcat request object information disclosure
11845| [72377] Apache HTTP Server scoreboard security bypass
11846| [72345] Apache HTTP Server HTTP request denial of service
11847| [72229] Apache Struts ExceptionDelegator command execution
11848| [72089] Apache Struts ParameterInterceptor directory traversal
11849| [72088] Apache Struts CookieInterceptor command execution
11850| [72047] Apache Geronimo hash denial of service
11851| [72016] Apache Tomcat hash denial of service
11852| [71711] Apache Struts OGNL expression code execution
11853| [71654] Apache Struts interfaces security bypass
11854| [71620] Apache ActiveMQ failover denial of service
11855| [71617] Apache HTTP Server mod_proxy module information disclosure
11856| [71508] Apache MyFaces EL security bypass
11857| [71445] Apache HTTP Server mod_proxy security bypass
11858| [71203] Apache Tomcat servlets privilege escalation
11859| [71181] Apache HTTP Server ap_pregsub() denial of service
11860| [71093] Apache HTTP Server ap_pregsub() buffer overflow
11861| [70336] Apache HTTP Server mod_proxy information disclosure
11862| [69804] Apache HTTP Server mod_proxy_ajp denial of service
11863| [69472] Apache Tomcat AJP security bypass
11864| [69396] Apache HTTP Server ByteRange filter denial of service
11865| [69394] Apache Wicket multi window support cross-site scripting
11866| [69176] Apache Tomcat XML information disclosure
11867| [69161] Apache Tomcat jsvc information disclosure
11868| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
11869| [68541] Apache Tomcat sendfile information disclosure
11870| [68420] Apache XML Security denial of service
11871| [68238] Apache Tomcat JMX information disclosure
11872| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
11873| [67804] Apache Subversion control rules information disclosure
11874| [67803] Apache Subversion control rules denial of service
11875| [67802] Apache Subversion baselined denial of service
11876| [67672] Apache Archiva multiple cross-site scripting
11877| [67671] Apache Archiva multiple cross-site request forgery
11878| [67564] Apache APR apr_fnmatch() denial of service
11879| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
11880| [67515] Apache Tomcat annotations security bypass
11881| [67480] Apache Struts s:submit information disclosure
11882| [67414] Apache APR apr_fnmatch() denial of service
11883| [67356] Apache Struts javatemplates cross-site scripting
11884| [67354] Apache Struts Xwork cross-site scripting
11885| [66676] Apache Tomcat HTTP BIO information disclosure
11886| [66675] Apache Tomcat web.xml security bypass
11887| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
11888| [66241] Apache HttpComponents information disclosure
11889| [66154] Apache Tomcat ServletSecurity security bypass
11890| [65971] Apache Tomcat ServletSecurity security bypass
11891| [65876] Apache Subversion mod_dav_svn denial of service
11892| [65343] Apache Continuum unspecified cross-site scripting
11893| [65162] Apache Tomcat NIO connector denial of service
11894| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
11895| [65160] Apache Tomcat HTML Manager interface cross-site scripting
11896| [65159] Apache Tomcat ServletContect security bypass
11897| [65050] Apache CouchDB web-based administration UI cross-site scripting
11898| [64773] Oracle HTTP Server Apache Plugin unauthorized access
11899| [64473] Apache Subversion blame -g denial of service
11900| [64472] Apache Subversion walk() denial of service
11901| [64407] Apache Axis2 CVE-2010-0219 code execution
11902| [63926] Apache Archiva password privilege escalation
11903| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
11904| [63493] Apache Archiva credentials cross-site request forgery
11905| [63477] Apache Tomcat HttpOnly session hijacking
11906| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
11907| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
11908| [62959] Apache Shiro filters security bypass
11909| [62790] Apache Perl cgi module denial of service
11910| [62576] Apache Qpid exchange denial of service
11911| [62575] Apache Qpid AMQP denial of service
11912| [62354] Apache Qpid SSL denial of service
11913| [62235] Apache APR-util apr_brigade_split_line() denial of service
11914| [62181] Apache XML-RPC SAX Parser information disclosure
11915| [61721] Apache Traffic Server cache poisoning
11916| [61202] Apache Derby BUILTIN authentication functionality information disclosure
11917| [61186] Apache CouchDB Futon cross-site request forgery
11918| [61169] Apache CXF DTD denial of service
11919| [61070] Apache Jackrabbit search.jsp SQL injection
11920| [61006] Apache SLMS Quoting cross-site request forgery
11921| [60962] Apache Tomcat time cross-site scripting
11922| [60883] Apache mod_proxy_http information disclosure
11923| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
11924| [60264] Apache Tomcat Transfer-Encoding denial of service
11925| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
11926| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
11927| [59413] Apache mod_proxy_http timeout information disclosure
11928| [59058] Apache MyFaces unencrypted view state cross-site scripting
11929| [58827] Apache Axis2 xsd file include
11930| [58790] Apache Axis2 modules cross-site scripting
11931| [58299] Apache ActiveMQ queueBrowse cross-site scripting
11932| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
11933| [58056] Apache ActiveMQ .jsp source code disclosure
11934| [58055] Apache Tomcat realm name information disclosure
11935| [58046] Apache HTTP Server mod_auth_shadow security bypass
11936| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
11937| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
11938| [57429] Apache CouchDB algorithms information disclosure
11939| [57398] Apache ActiveMQ Web console cross-site request forgery
11940| [57397] Apache ActiveMQ createDestination.action cross-site scripting
11941| [56653] Apache HTTP Server DNS spoofing
11942| [56652] Apache HTTP Server DNS cross-site scripting
11943| [56625] Apache HTTP Server request header information disclosure
11944| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
11945| [56623] Apache HTTP Server mod_proxy_ajp denial of service
11946| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
11947| [55857] Apache Tomcat WAR files directory traversal
11948| [55856] Apache Tomcat autoDeploy attribute security bypass
11949| [55855] Apache Tomcat WAR directory traversal
11950| [55210] Intuit component for Joomla! Apache information disclosure
11951| [54533] Apache Tomcat 404 error page cross-site scripting
11952| [54182] Apache Tomcat admin default password
11953| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
11954| [53666] Apache HTTP Server Solaris pollset support denial of service
11955| [53650] Apache HTTP Server HTTP basic-auth module security bypass
11956| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
11957| [53041] mod_proxy_ftp module for Apache denial of service
11958| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
11959| [51953] Apache Tomcat Path Disclosure
11960| [51952] Apache Tomcat Path Traversal
11961| [51951] Apache stronghold-status Information Disclosure
11962| [51950] Apache stronghold-info Information Disclosure
11963| [51949] Apache PHP Source Code Disclosure
11964| [51948] Apache Multiviews Attack
11965| [51946] Apache JServ Environment Status Information Disclosure
11966| [51945] Apache error_log Information Disclosure
11967| [51944] Apache Default Installation Page Pattern Found
11968| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
11969| [51942] Apache AXIS XML External Entity File Retrieval
11970| [51941] Apache AXIS Sample Servlet Information Leak
11971| [51940] Apache access_log Information Disclosure
11972| [51626] Apache mod_deflate denial of service
11973| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
11974| [51365] Apache Tomcat RequestDispatcher security bypass
11975| [51273] Apache HTTP Server Incomplete Request denial of service
11976| [51195] Apache Tomcat XML information disclosure
11977| [50994] Apache APR-util xml/apr_xml.c denial of service
11978| [50993] Apache APR-util apr_brigade_vprintf denial of service
11979| [50964] Apache APR-util apr_strmatch_precompile() denial of service
11980| [50930] Apache Tomcat j_security_check information disclosure
11981| [50928] Apache Tomcat AJP denial of service
11982| [50884] Apache HTTP Server XML ENTITY denial of service
11983| [50808] Apache HTTP Server AllowOverride privilege escalation
11984| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
11985| [50059] Apache mod_proxy_ajp information disclosure
11986| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
11987| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
11988| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
11989| [49921] Apache ActiveMQ Web interface cross-site scripting
11990| [49898] Apache Geronimo Services/Repository directory traversal
11991| [49725] Apache Tomcat mod_jk module information disclosure
11992| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
11993| [49712] Apache Struts unspecified cross-site scripting
11994| [49213] Apache Tomcat cal2.jsp cross-site scripting
11995| [48934] Apache Tomcat POST doRead method information disclosure
11996| [48211] Apache Tomcat header HTTP request smuggling
11997| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
11998| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
11999| [47709] Apache Roller "
12000| [47104] Novell Netware ApacheAdmin console security bypass
12001| [47086] Apache HTTP Server OS fingerprinting unspecified
12002| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
12003| [45791] Apache Tomcat RemoteFilterValve security bypass
12004| [44435] Oracle WebLogic Apache Connector buffer overflow
12005| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
12006| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
12007| [44156] Apache Tomcat RequestDispatcher directory traversal
12008| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
12009| [43885] Oracle WebLogic Server Apache Connector buffer overflow
12010| [42987] Apache HTTP Server mod_proxy module denial of service
12011| [42915] Apache Tomcat JSP files path disclosure
12012| [42914] Apache Tomcat MS-DOS path disclosure
12013| [42892] Apache Tomcat unspecified unauthorized access
12014| [42816] Apache Tomcat Host Manager cross-site scripting
12015| [42303] Apache 403 error cross-site scripting
12016| [41618] Apache-SSL ExpandCert() authentication bypass
12017| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
12018| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
12019| [40614] Apache mod_jk2 HTTP Host header buffer overflow
12020| [40562] Apache Geronimo init information disclosure
12021| [40478] Novell Web Manager webadmin-apache.conf security bypass
12022| [40411] Apache Tomcat exception handling information disclosure
12023| [40409] Apache Tomcat native (APR based) connector weak security
12024| [40403] Apache Tomcat quotes and %5C cookie information disclosure
12025| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
12026| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
12027| [39867] Apache HTTP Server mod_negotiation cross-site scripting
12028| [39804] Apache Tomcat SingleSignOn information disclosure
12029| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
12030| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
12031| [39608] Apache HTTP Server balancer manager cross-site request forgery
12032| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
12033| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
12034| [39472] Apache HTTP Server mod_status cross-site scripting
12035| [39201] Apache Tomcat JULI logging weak security
12036| [39158] Apache HTTP Server Windows SMB shares information disclosure
12037| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
12038| [38951] Apache::AuthCAS Perl module cookie SQL injection
12039| [38800] Apache HTTP Server 413 error page cross-site scripting
12040| [38211] Apache Geronimo SQLLoginModule authentication bypass
12041| [37243] Apache Tomcat WebDAV directory traversal
12042| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
12043| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
12044| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
12045| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
12046| [36782] Apache Geronimo MEJB unauthorized access
12047| [36586] Apache HTTP Server UTF-7 cross-site scripting
12048| [36468] Apache Geronimo LoginModule security bypass
12049| [36467] Apache Tomcat functions.jsp cross-site scripting
12050| [36402] Apache Tomcat calendar cross-site request forgery
12051| [36354] Apache HTTP Server mod_proxy module denial of service
12052| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
12053| [36336] Apache Derby lock table privilege escalation
12054| [36335] Apache Derby schema privilege escalation
12055| [36006] Apache Tomcat "
12056| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
12057| [35999] Apache Tomcat \"
12058| [35795] Apache Tomcat CookieExample cross-site scripting
12059| [35536] Apache Tomcat SendMailServlet example cross-site scripting
12060| [35384] Apache HTTP Server mod_cache module denial of service
12061| [35097] Apache HTTP Server mod_status module cross-site scripting
12062| [35095] Apache HTTP Server Prefork MPM module denial of service
12063| [34984] Apache HTTP Server recall_headers information disclosure
12064| [34966] Apache HTTP Server MPM content spoofing
12065| [34965] Apache HTTP Server MPM information disclosure
12066| [34963] Apache HTTP Server MPM multiple denial of service
12067| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
12068| [34869] Apache Tomcat JSP example Web application cross-site scripting
12069| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
12070| [34496] Apache Tomcat JK Connector security bypass
12071| [34377] Apache Tomcat hello.jsp cross-site scripting
12072| [34212] Apache Tomcat SSL configuration security bypass
12073| [34210] Apache Tomcat Accept-Language cross-site scripting
12074| [34209] Apache Tomcat calendar application cross-site scripting
12075| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
12076| [34167] Apache Axis WSDL file path disclosure
12077| [34068] Apache Tomcat AJP connector information disclosure
12078| [33584] Apache HTTP Server suEXEC privilege escalation
12079| [32988] Apache Tomcat proxy module directory traversal
12080| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
12081| [32708] Debian Apache tty privilege escalation
12082| [32441] ApacheStats extract() PHP call unspecified
12083| [32128] Apache Tomcat default account
12084| [31680] Apache Tomcat RequestParamExample cross-site scripting
12085| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
12086| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
12087| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
12088| [30456] Apache mod_auth_kerb off-by-one buffer overflow
12089| [29550] Apache mod_tcl set_var() format string
12090| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
12091| [28357] Apache HTTP Server mod_alias script source information disclosure
12092| [28063] Apache mod_rewrite off-by-one buffer overflow
12093| [27902] Apache Tomcat URL information disclosure
12094| [26786] Apache James SMTP server denial of service
12095| [25680] libapache2 /tmp/svn file upload
12096| [25614] Apache Struts lookupMap cross-site scripting
12097| [25613] Apache Struts ActionForm denial of service
12098| [25612] Apache Struts isCancelled() security bypass
12099| [24965] Apache mod_python FileSession command execution
12100| [24716] Apache James spooler memory leak denial of service
12101| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
12102| [24158] Apache Geronimo jsp-examples cross-site scripting
12103| [24030] Apache auth_ldap module multiple format strings
12104| [24008] Apache mod_ssl custom error message denial of service
12105| [24003] Apache mod_auth_pgsql module multiple syslog format strings
12106| [23612] Apache mod_imap referer field cross-site scripting
12107| [23173] Apache Struts error message cross-site scripting
12108| [22942] Apache Tomcat directory listing denial of service
12109| [22858] Apache Multi-Processing Module code allows denial of service
12110| [22602] RHSA-2005:582 updates for Apache httpd not installed
12111| [22520] Apache mod-auth-shadow "
12112| [22466] ApacheTop symlink
12113| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
12114| [22006] Apache HTTP Server byte-range filter denial of service
12115| [21567] Apache mod_ssl off-by-one buffer overflow
12116| [21195] Apache HTTP Server header HTTP request smuggling
12117| [20383] Apache HTTP Server htdigest buffer overflow
12118| [19681] Apache Tomcat AJP12 request denial of service
12119| [18993] Apache HTTP server check_forensic symlink attack
12120| [18790] Apache Tomcat Manager cross-site scripting
12121| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
12122| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
12123| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
12124| [17961] Apache Web server ServerTokens has not been set
12125| [17930] Apache HTTP Server HTTP GET request denial of service
12126| [17785] Apache mod_include module buffer overflow
12127| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
12128| [17473] Apache HTTP Server Satisfy directive allows access to resources
12129| [17413] Apache htpasswd buffer overflow
12130| [17384] Apache HTTP Server environment variable configuration file buffer overflow
12131| [17382] Apache HTTP Server IPv6 apr_util denial of service
12132| [17366] Apache HTTP Server mod_dav module LOCK denial of service
12133| [17273] Apache HTTP Server speculative mode denial of service
12134| [17200] Apache HTTP Server mod_ssl denial of service
12135| [16890] Apache HTTP Server server-info request has been detected
12136| [16889] Apache HTTP Server server-status request has been detected
12137| [16705] Apache mod_ssl format string attack
12138| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
12139| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
12140| [16230] Apache HTTP Server PHP denial of service
12141| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
12142| [15958] Apache HTTP Server authentication modules memory corruption
12143| [15547] Apache HTTP Server mod_disk_cache local information disclosure
12144| [15540] Apache HTTP Server socket starvation denial of service
12145| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
12146| [15422] Apache HTTP Server mod_access information disclosure
12147| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
12148| [15293] Apache for Cygwin "
12149| [15065] Apache-SSL has a default password
12150| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
12151| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
12152| [14751] Apache Mod_python output filter information disclosure
12153| [14125] Apache HTTP Server mod_userdir module information disclosure
12154| [14075] Apache HTTP Server mod_php file descriptor leak
12155| [13703] Apache HTTP Server account
12156| [13689] Apache HTTP Server configuration allows symlinks
12157| [13688] Apache HTTP Server configuration allows SSI
12158| [13687] Apache HTTP Server Server: header value
12159| [13685] Apache HTTP Server ServerTokens value
12160| [13684] Apache HTTP Server ServerSignature value
12161| [13672] Apache HTTP Server config allows directory autoindexing
12162| [13671] Apache HTTP Server default content
12163| [13670] Apache HTTP Server config file directive references outside content root
12164| [13668] Apache HTTP Server httpd not running in chroot environment
12165| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
12166| [13664] Apache HTTP Server config file contains ScriptAlias entry
12167| [13663] Apache HTTP Server CGI support modules loaded
12168| [13661] Apache HTTP Server config file contains AddHandler entry
12169| [13660] Apache HTTP Server 500 error page not CGI script
12170| [13659] Apache HTTP Server 413 error page not CGI script
12171| [13658] Apache HTTP Server 403 error page not CGI script
12172| [13657] Apache HTTP Server 401 error page not CGI script
12173| [13552] Apache HTTP Server mod_cgid module information disclosure
12174| [13550] Apache GET request directory traversal
12175| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
12176| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
12177| [13429] Apache Tomcat non-HTTP request denial of service
12178| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
12179| [13295] Apache weak password encryption
12180| [13254] Apache Tomcat .jsp cross-site scripting
12181| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
12182| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
12183| [12681] Apache HTTP Server mod_proxy could allow mail relaying
12184| [12662] Apache HTTP Server rotatelogs denial of service
12185| [12554] Apache Tomcat stores password in plain text
12186| [12553] Apache HTTP Server redirects and subrequests denial of service
12187| [12552] Apache HTTP Server FTP proxy server denial of service
12188| [12551] Apache HTTP Server prefork MPM denial of service
12189| [12550] Apache HTTP Server weaker than expected encryption
12190| [12549] Apache HTTP Server type-map file denial of service
12191| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
12192| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
12193| [12091] Apache HTTP Server apr_password_validate denial of service
12194| [12090] Apache HTTP Server apr_psprintf code execution
12195| [11804] Apache HTTP Server mod_access_referer denial of service
12196| [11750] Apache HTTP Server could leak sensitive file descriptors
12197| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
12198| [11703] Apache long slash path allows directory listing
12199| [11695] Apache HTTP Server LF (Line Feed) denial of service
12200| [11694] Apache HTTP Server filestat.c denial of service
12201| [11438] Apache HTTP Server MIME message boundaries information disclosure
12202| [11412] Apache HTTP Server error log terminal escape sequence injection
12203| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
12204| [11195] Apache Tomcat web.xml could be used to read files
12205| [11194] Apache Tomcat URL appended with a null character could list directories
12206| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
12207| [11126] Apache HTTP Server illegal character file disclosure
12208| [11125] Apache HTTP Server DOS device name HTTP POST code execution
12209| [11124] Apache HTTP Server DOS device name denial of service
12210| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
12211| [10938] Apache HTTP Server printenv test CGI cross-site scripting
12212| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
12213| [10575] Apache mod_php module could allow an attacker to take over the httpd process
12214| [10499] Apache HTTP Server WebDAV HTTP POST view source
12215| [10457] Apache HTTP Server mod_ssl "
12216| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
12217| [10414] Apache HTTP Server htdigest multiple buffer overflows
12218| [10413] Apache HTTP Server htdigest temporary file race condition
12219| [10412] Apache HTTP Server htpasswd temporary file race condition
12220| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
12221| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
12222| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
12223| [10280] Apache HTTP Server shared memory scorecard overwrite
12224| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
12225| [10241] Apache HTTP Server Host: header cross-site scripting
12226| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
12227| [10208] Apache HTTP Server mod_dav denial of service
12228| [10206] HP VVOS Apache mod_ssl denial of service
12229| [10200] Apache HTTP Server stderr denial of service
12230| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
12231| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
12232| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
12233| [10098] Slapper worm targets OpenSSL/Apache systems
12234| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
12235| [9875] Apache HTTP Server .var file request could disclose installation path
12236| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
12237| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
12238| [9623] Apache HTTP Server ap_log_rerror() path disclosure
12239| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
12240| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
12241| [9396] Apache Tomcat null character to threads denial of service
12242| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
12243| [9249] Apache HTTP Server chunked encoding heap buffer overflow
12244| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
12245| [8932] Apache Tomcat example class information disclosure
12246| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
12247| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
12248| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
12249| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
12250| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
12251| [8400] Apache HTTP Server mod_frontpage buffer overflows
12252| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
12253| [8308] Apache "
12254| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
12255| [8119] Apache and PHP OPTIONS request reveals "
12256| [8054] Apache is running on the system
12257| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
12258| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
12259| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
12260| [7836] Apache HTTP Server log directory denial of service
12261| [7815] Apache for Windows "
12262| [7810] Apache HTTP request could result in unexpected behavior
12263| [7599] Apache Tomcat reveals installation path
12264| [7494] Apache "
12265| [7419] Apache Web Server could allow remote attackers to overwrite .log files
12266| [7363] Apache Web Server hidden HTTP requests
12267| [7249] Apache mod_proxy denial of service
12268| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
12269| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
12270| [7059] Apache "
12271| [7057] Apache "
12272| [7056] Apache "
12273| [7055] Apache "
12274| [7054] Apache "
12275| [6997] Apache Jakarta Tomcat error message may reveal information
12276| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
12277| [6970] Apache crafted HTTP request could reveal the internal IP address
12278| [6921] Apache long slash path allows directory listing
12279| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
12280| [6527] Apache Web Server for Windows and OS2 denial of service
12281| [6316] Apache Jakarta Tomcat may reveal JSP source code
12282| [6305] Apache Jakarta Tomcat directory traversal
12283| [5926] Linux Apache symbolic link
12284| [5659] Apache Web server discloses files when used with php script
12285| [5310] Apache mod_rewrite allows attacker to view arbitrary files
12286| [5204] Apache WebDAV directory listings
12287| [5197] Apache Web server reveals CGI script source code
12288| [5160] Apache Jakarta Tomcat default installation
12289| [5099] Trustix Secure Linux installs Apache with world writable access
12290| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
12291| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
12292| [4931] Apache source.asp example file allows users to write to files
12293| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
12294| [4205] Apache Jakarta Tomcat delivers file contents
12295| [2084] Apache on Debian by default serves the /usr/doc directory
12296| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
12297| [697] Apache HTTP server beck exploit
12298| [331] Apache cookies buffer overflow
12299|
12300| Exploit-DB - https://www.exploit-db.com:
12301| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
12302| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
12303| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
12304| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
12305| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
12306| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
12307| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
12308| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
12309| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
12310| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
12311| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
12312| [29859] Apache Roller OGNL Injection
12313| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
12314| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
12315| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
12316| [29290] Apache / PHP 5.x Remote Code Execution Exploit
12317| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
12318| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
12319| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
12320| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
12321| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
12322| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
12323| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
12324| [27096] Apache Geronimo 1.0 Error Page XSS
12325| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
12326| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
12327| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
12328| [25986] Plesk Apache Zeroday Remote Exploit
12329| [25980] Apache Struts includeParams Remote Code Execution
12330| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
12331| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
12332| [24874] Apache Struts ParametersInterceptor Remote Code Execution
12333| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
12334| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
12335| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
12336| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
12337| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
12338| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
12339| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
12340| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
12341| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
12342| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
12343| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
12344| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
12345| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
12346| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
12347| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
12348| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
12349| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
12350| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
12351| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
12352| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
12353| [21719] Apache 2.0 Path Disclosure Vulnerability
12354| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
12355| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
12356| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
12357| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
12358| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
12359| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
12360| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
12361| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
12362| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
12363| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
12364| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12871| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
12872| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
12873| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
12874| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
12875| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
12876| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
12877| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
12878| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
13187| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
13188| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
13189| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
13190| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
13191| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
13192| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
13193| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
13194| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
13195| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
13196| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
13197| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
13198| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
13199| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
13200| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
13201| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
13561| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
13562| [55056] Apache Tomcat Cross-application TLD File Manipulation
13563| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
13564| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
13565| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
13566| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
13567| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
13568| [54589] Apache Jserv Nonexistent JSP Request XSS
13569| [54122] Apache Struts s:a / s:url Tag href Element XSS
13570| [54093] Apache ActiveMQ Web Console JMS Message XSS
13571| [53932] Apache Geronimo Multiple Admin Function CSRF
13572| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
13573| [53930] Apache Geronimo /console/portal/ URI XSS
13574| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
13575| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
13576| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
13577| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
13578| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
13579| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
13580| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
13581| [53380] Apache Struts Unspecified XSS
13582| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
13583| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
13584| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
13585| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
13586| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
13587| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
13588| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
13589| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
13590| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
13591| [51151] Apache Roller Search Function q Parameter XSS
13592| [50482] PHP with Apache php_value Order Unspecified Issue
13593| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
13594| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
13595| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
13596| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
13597| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
13598| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
13599| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
13600| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
13601| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
13602| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
13603| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
13604| [47096] Oracle Weblogic Apache Connector POST Request Overflow
13605| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
13606| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
13607| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
13608| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
13609| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
13610| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
13611| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
13612| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
13613| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
13614| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
13615| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
13616| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
13617| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
13618| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
13619| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
13620| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
13621| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
13622| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
13623| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
13624| [43452] Apache Tomcat HTTP Request Smuggling
13625| [43309] Apache Geronimo LoginModule Login Method Bypass
13626| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
13627| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
13628| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
13629| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
13630| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
13631| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
13632| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
13633| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
13634| [42091] Apache Maven Site Plugin Installation Permission Weakness
13635| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
13636| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
13637| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
13638| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
13639| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
13640| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
13641| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
13642| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
13643| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
13644| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
13645| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
13646| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
13647| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
13648| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
13649| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
13650| [40262] Apache HTTP Server mod_status refresh XSS
13651| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
13652| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
13653| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
13654| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
13655| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
13656| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
13657| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
13658| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
13659| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
13660| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
13661| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
13662| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
13663| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
13664| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
13665| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
13666| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
13667| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
13668| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
13669| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
13670| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
13671| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
13672| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
13673| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
13674| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
13675| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
13676| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
13677| [36080] Apache Tomcat JSP Examples Crafted URI XSS
13678| [36079] Apache Tomcat Manager Uploaded Filename XSS
13679| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
13680| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
13681| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
13682| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
13683| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
13684| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
13685| [34881] Apache Tomcat Malformed Accept-Language Header XSS
13686| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
13687| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
13688| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
13689| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
13690| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
13691| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
13692| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
13693| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
13694| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
13695| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
13696| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
13697| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
13698| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
13699| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
13700| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
13701| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
13702| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
13703| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
13704| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
13705| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
13706| [32724] Apache mod_python _filter_read Freed Memory Disclosure
13707| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
13708| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
13709| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
13710| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
13711| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
13712| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
13713| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
13714| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
13715| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
13716| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
13717| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
13718| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
13719| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
13720| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
13721| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
13722| [24365] Apache Struts Multiple Function Error Message XSS
13723| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
13724| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
13725| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
13726| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
13727| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
13728| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
13729| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
13730| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
13731| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
13732| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
13733| [22459] Apache Geronimo Error Page XSS
13734| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
13735| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
13736| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
13737| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
13738| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
13739| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
13740| [21021] Apache Struts Error Message XSS
13741| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
13742| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
13743| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
13744| [20439] Apache Tomcat Directory Listing Saturation DoS
13745| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
13746| [20285] Apache HTTP Server Log File Control Character Injection
13747| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
13748| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
13749| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
13750| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
13751| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
13752| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
13753| [19821] Apache Tomcat Malformed Post Request Information Disclosure
13754| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
13755| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
13756| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
13757| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
13758| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
13759| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
13760| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
13761| [18233] Apache HTTP Server htdigest user Variable Overfow
13762| [17738] Apache HTTP Server HTTP Request Smuggling
13763| [16586] Apache HTTP Server Win32 GET Overflow DoS
13764| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
13765| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
13766| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
13767| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
13768| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
13769| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
13770| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
13771| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
13772| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
13773| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
13774| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
13775| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
13776| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
13777| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
13778| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
13779| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
13780| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
13781| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
13782| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
13783| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
13784| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
13785| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
13786| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
13787| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
13788| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
13789| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
13790| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
13791| [13304] Apache Tomcat realPath.jsp Path Disclosure
13792| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
13793| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
13794| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
13795| [12848] Apache HTTP Server htdigest realm Variable Overflow
13796| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
13797| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
13798| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
13799| [12557] Apache HTTP Server prefork MPM accept Error DoS
13800| [12233] Apache Tomcat MS-DOS Device Name Request DoS
13801| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
13802| [12231] Apache Tomcat web.xml Arbitrary File Access
13803| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
13804| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
13805| [12178] Apache Jakarta Lucene results.jsp XSS
13806| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
13807| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
13808| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
13809| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
13810| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
13811| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
13812| [10471] Apache Xerces-C++ XML Parser DoS
13813| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
13814| [10068] Apache HTTP Server htpasswd Local Overflow
13815| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
13816| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
13817| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
13818| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
13819| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
13820| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
13821| [9717] Apache HTTP Server mod_cookies Cookie Overflow
13822| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
13823| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
13824| [9714] Apache Authentication Module Threaded MPM DoS
13825| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
13826| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
13827| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
13828| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
13829| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
13830| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
13831| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
13832| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
13833| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
13834| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
13835| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
13836| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
13837| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
13838| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
13839| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
13840| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
13841| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
13842| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
13843| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
13844| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
13845| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
13846| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
13847| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
13848| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
13849| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
13850| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
13851| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
13852| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
13853| [9208] Apache Tomcat .jsp Encoded Newline XSS
13854| [9204] Apache Tomcat ROOT Application XSS
13855| [9203] Apache Tomcat examples Application XSS
13856| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
13857| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
13858| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
13859| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
13860| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
13861| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
13862| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
13863| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
13864| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
13865| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
13866| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
13867| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
13868| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
13869| [7611] Apache HTTP Server mod_alias Local Overflow
13870| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
13871| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
13872| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
13873| [6882] Apache mod_python Malformed Query String Variant DoS
13874| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
13875| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
13876| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
13877| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
13878| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
13879| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
13880| [5526] Apache Tomcat Long .JSP URI Path Disclosure
13881| [5278] Apache Tomcat web.xml Restriction Bypass
13882| [5051] Apache Tomcat Null Character DoS
13883| [4973] Apache Tomcat servlet Mapping XSS
13884| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
13885| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
13886| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
13887| [4568] mod_survey For Apache ENV Tags SQL Injection
13888| [4553] Apache HTTP Server ApacheBench Overflow DoS
13889| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
13890| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
13891| [4383] Apache HTTP Server Socket Race Condition DoS
13892| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
13893| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
13894| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
13895| [4231] Apache Cocoon Error Page Server Path Disclosure
13896| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
13897| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
13898| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
13899| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
13900| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
13901| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
13902| [3322] mod_php for Apache HTTP Server Process Hijack
13903| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
13904| [2885] Apache mod_python Malformed Query String DoS
13905| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
13906| [2733] Apache HTTP Server mod_rewrite Local Overflow
13907| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
13908| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
13909| [2149] Apache::Gallery Privilege Escalation
13910| [2107] Apache HTTP Server mod_ssl Host: Header XSS
13911| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
13912| [1833] Apache HTTP Server Multiple Slash GET Request DoS
13913| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
13914| [872] Apache Tomcat Multiple Default Accounts
13915| [862] Apache HTTP Server SSI Error Page XSS
13916| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
13917| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
13918| [845] Apache Tomcat MSDOS Device XSS
13919| [844] Apache Tomcat Java Servlet Error Page XSS
13920| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
13921| [838] Apache HTTP Server Chunked Encoding Remote Overflow
13922| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
13923| [775] Apache mod_python Module Importing Privilege Function Execution
13924| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
13925| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
13926| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
13927| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
13928| [637] Apache HTTP Server UserDir Directive Username Enumeration
13929| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
13930| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
13931| [562] Apache HTTP Server mod_info /server-info Information Disclosure
13932| [561] Apache Web Servers mod_status /server-status Information Disclosure
13933| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
13934| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
13935| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
13936| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
13937| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
13938| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
13939| [376] Apache Tomcat contextAdmin Arbitrary File Access
13940| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
13941| [222] Apache HTTP Server test-cgi Arbitrary File Access
13942| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
13943| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
13944|_
445/tcp closed microsoft-ds
465/tcp open ssl/smtp Exim smtpd 4.92
13947| vulscan: VulDB - https://vuldb.com:
13948| [141327] Exim up to 4.92.1 Backslash privilege escalation
13949| [138827] Exim up to 4.92 Expansion Code Execution
13950| [135932] Exim up to 4.92 privilege escalation
13951| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
13952|
13953| MITRE CVE - https://cve.mitre.org:
13954| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
13955| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
13956| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
13957| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
13958| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
13959| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
13960| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
13961| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
13962| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
13963| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
13964| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
13965| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
13966| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
13967| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
13968| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
13969| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
13970|
13971| SecurityFocus - https://www.securityfocus.com/bid/:
13972| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
13973| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
13974| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
13975| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
13976| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
13977| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
13978| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
13979| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
13980| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
13981| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
13982| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
13983| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
13984| [45308] Exim Crafted Header Remote Code Execution Vulnerability
13985| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
13986| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
13987| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
13988| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
13989| [17110] sa-exim Unauthorized File Access Vulnerability
13990| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
13991| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
13992| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
13993| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
13994| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
13995| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
13996| [6314] Exim Internet Mailer Format String Vulnerability
13997| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
13998| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
13999| [2828] Exim Format String Vulnerability
14000| [1859] Exim Buffer Overflow Vulnerability
14001|
14002| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14003| [84758] Exim sender_address parameter command execution
14004| [84015] Exim command execution
14005| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14006| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14007| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14008| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14009| [67455] Exim DKIM processing code execution
14010| [67299] Exim dkim_exim_verify_finish() format string
14011| [65028] Exim open_log privilege escalation
14012| [63967] Exim config file privilege escalation
14013| [63960] Exim header buffer overflow
14014| [59043] Exim mail directory privilege escalation
14015| [59042] Exim MBX symlink
14016| [52922] ikiwiki teximg plugin information disclosure
14017| [34265] Exim spamd buffer overflow
14018| [25286] Sa-exim greylistclean.cron file deletion
14019| [22687] RHSA-2005:025 updates for exim not installed
14020| [18901] Exim dns_build_reverse buffer overflow
14021| [18764] Exim spa_base64_to_bits function buffer overflow
14022| [18763] Exim host_aton buffer overflow
14023| [16079] Exim require_verify buffer overflow
14024| [16077] Exim header_check_syntax buffer overflow
14025| [16075] Exim sender_verify buffer overflow
14026| [13067] Exim HELO or EHLO command heap overflow
14027| [10761] Exim daemon.c format string
14028| [8194] Exim configuration file -c command-line argument buffer overflow
14029| [7738] Exim allows attacker to hide commands in localhost names using pipes
14030| [6671] Exim "
14031| [1893] Exim MTA allows local users to gain root privileges
14032|
14033| Exploit-DB - https://www.exploit-db.com:
14034| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
14035| [15725] Exim 4.63 Remote Root Exploit
14036| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
14037| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
14038| [796] Exim <= 4.42 Local Root Exploit
14039| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
14040|
14041| OpenVAS (Nessus) - http://www.openvas.org:
14042| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
14043|
14044| SecurityTracker - https://www.securitytracker.com:
14045| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
14046| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
14047| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
14048| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
14049| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
14050| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
14051| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
14052| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
14053| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
14054| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
14055| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
14056| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
14057|
14058| OSVDB - http://www.osvdb.org:
14059| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14060| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
14061| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
14062| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
14063| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
14064| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
14065| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
14066| [70696] Exim log.c open_log() Function Local Privilege Escalation
14067| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
14068| [69685] Exim string_format Function Remote Overflow
14069| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
14070| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
14071| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
14072| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
14073| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
14074| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
14075| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
14076| [12726] Exim -be Command Line Option host_aton Function Local Overflow
14077| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
14078| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
14079| [10032] libXpm CreateXImage Function Integer Overflow
14080| [7160] Exim .forward :include: Option Privilege Escalation
14081| [6479] Vexim COOKIE Authentication Credential Disclosure
14082| [6478] Vexim Multiple Parameter SQL Injection
14083| [5930] Exim Parenthesis File Name Filter Bypass
14084| [5897] Exim header_syntax Function Remote Overflow
14085| [5896] Exim sender_verify Function Remote Overflow
14086| [5530] Exim Localhost Name Arbitrary Command Execution
14087| [5330] Exim Configuration File Variable Overflow
14088| [1855] Exim Batched SMTP Mail Header Format String
14089|_
587/tcp open smtp Exim smtpd 4.92
14091| vulscan: VulDB - https://vuldb.com:
14092| [141327] Exim up to 4.92.1 Backslash privilege escalation
14093| [138827] Exim up to 4.92 Expansion Code Execution
14094| [135932] Exim up to 4.92 privilege escalation
14095| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
14096|
14097| MITRE CVE - https://cve.mitre.org:
14098| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
14099| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
14100| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
14101| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
14102| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
14103| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
14104| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
14105| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
14106| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
14107| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
14108| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
14109| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
14110| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
14111| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
14112| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
14113| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
14114|
14115| SecurityFocus - https://www.securityfocus.com/bid/:
14116| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
14117| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
14118| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
14119| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
14120| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
14121| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
14122| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
14123| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
14124| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
14125| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
14126| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
14127| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
14128| [45308] Exim Crafted Header Remote Code Execution Vulnerability
14129| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
14130| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
14131| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
14132| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
14133| [17110] sa-exim Unauthorized File Access Vulnerability
14134| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
14135| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
14136| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
14137| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
14138| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
14139| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
14140| [6314] Exim Internet Mailer Format String Vulnerability
14141| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
14142| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
14143| [2828] Exim Format String Vulnerability
14144| [1859] Exim Buffer Overflow Vulnerability
14145|
14146| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14147| [84758] Exim sender_address parameter command execution
14148| [84015] Exim command execution
14149| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
14150| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
14151| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
14152| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
14153| [67455] Exim DKIM processing code execution
14154| [67299] Exim dkim_exim_verify_finish() format string
14155| [65028] Exim open_log privilege escalation
14156| [63967] Exim config file privilege escalation
14157| [63960] Exim header buffer overflow
14158| [59043] Exim mail directory privilege escalation
14159| [59042] Exim MBX symlink
14160| [52922] ikiwiki teximg plugin information disclosure
14161| [34265] Exim spamd buffer overflow
14162| [25286] Sa-exim greylistclean.cron file deletion
14163| [22687] RHSA-2005:025 updates for exim not installed
14164| [18901] Exim dns_build_reverse buffer overflow
14165| [18764] Exim spa_base64_to_bits function buffer overflow
14166| [18763] Exim host_aton buffer overflow
14167| [16079] Exim require_verify buffer overflow
14168| [16077] Exim header_check_syntax buffer overflow
14169| [16075] Exim sender_verify buffer overflow
14170| [13067] Exim HELO or EHLO command heap overflow
14171| [10761] Exim daemon.c format string
14172| [8194] Exim configuration file -c command-line argument buffer overflow
14173| [7738] Exim allows attacker to hide commands in localhost names using pipes
14174| [6671] Exim "
14175| [1893] Exim MTA allows local users to gain root privileges
14176|
14177| Exploit-DB - https://www.exploit-db.com:
14178| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
14179| [15725] Exim 4.63 Remote Root Exploit
14180| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
14181| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
14182| [796] Exim <= 4.42 Local Root Exploit
14183| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
14184|
14185| OpenVAS (Nessus) - http://www.openvas.org:
14186| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
14187|
14188| SecurityTracker - https://www.securitytracker.com:
14189| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
14190| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
14191| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
14192| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
14193| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
14194| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
14195| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
14196| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
14197| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
14198| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
14199| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
14200| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
14201|
14202| OSVDB - http://www.osvdb.org:
14203| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
14204| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
14205| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
14206| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
14207| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
14208| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
14209| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
14210| [70696] Exim log.c open_log() Function Local Privilege Escalation
14211| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
14212| [69685] Exim string_format Function Remote Overflow
14213| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
14214| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
14215| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
14216| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
14217| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
14218| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
14219| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
14220| [12726] Exim -be Command Line Option host_aton Function Local Overflow
14221| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
14222| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
14223| [10032] libXpm CreateXImage Function Integer Overflow
14224| [7160] Exim .forward :include: Option Privilege Escalation
14225| [6479] Vexim COOKIE Authentication Credential Disclosure
14226| [6478] Vexim Multiple Parameter SQL Injection
14227| [5930] Exim Parenthesis File Name Filter Bypass
14228| [5897] Exim header_syntax Function Remote Overflow
14229| [5896] Exim sender_verify Function Remote Overflow
14230| [5530] Exim Localhost Name Arbitrary Command Execution
14231| [5330] Exim Configuration File Variable Overflow
14232| [1855] Exim Batched SMTP Mail Header Format String
14233|_
993/tcp open ssl/imaps?
995/tcp open ssl/pop3s?
######################################################################################################################################
 Anonymous JTSEC #OpDefendTheWild Full Recon #6