· 6 years ago · Oct 24, 2019, 06:58 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname boylinks.net ISP Xs4all Internet BV
4Continent Europe Flag
5NL
6Country Netherlands Country Code NL
7Region South Holland Local time 24 Oct 2019 18:30 CEST
8City Rotterdam Postal Code 3085
9IP Address 82.94.222.132 Latitude 51.874
10 Longitude 4.489
11======================================================================================================================================
12#######################################################################################################################################
13> boylinks.net
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: boylinks.net
19Address: 82.94.222.132
20>
21#######################################################################################################################################
22 Domain Name: BOYLINKS.NET
23 Registry Domain ID: 5431180_DOMAIN_NET-VRSN
24 Registrar WHOIS Server: whois.joker.com
25 Registrar URL: http://www.joker.com
26 Updated Date: 2019-09-19T07:29:26Z
27 Creation Date: 1999-04-19T04:00:00Z
28 Registry Expiry Date: 2021-04-19T04:00:00Z
29 Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com
30 Registrar IANA ID: 113
31 Registrar Abuse Contact Email: abuse@joker.com
32 Registrar Abuse Contact Phone: +49.21186767447
33 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
34 Name Server: NS1.FSCODNS.NET
35 Name Server: NS2.FSCODNS.NET
36 Name Server: NS3.FSCODNS.NET
37 DNSSEC: unsigned
38#######################################################################################################################################
39Domain Name: boylinks.net
40Registry Domain ID: 5431180_DOMAIN_NET-VRSN
41Registrar WHOIS Server: whois.joker.com
42Registrar URL: https://joker.com
43Updated Date: 2019-09-19T14:11:44Z
44Creation Date: 1999-04-19T04:00:00Z
45Registrar Registration Expiration Date: 2021-04-19T04:00:00Z
46Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com
47Registrar IANA ID: 113
48Registrar Abuse Contact Email: abuse@joker.com
49Registrar Abuse Contact Phone: +49.21186767447
50Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
51Registrant Name: Domain Registrar
52Registrant Organization: Free Spirits
53Registrant Street: c/o IDPS International Domain Privacy Services GmbH
54Registrant Street: Hansaallee 191
55Registrant City: Duesseldorf
56Registrant Postal Code: 40549
57Registrant Country: DE
58Registrant Phone: +49.21186767448
59Registrant Fax: +49.211867676448
60Registrant Email: L7TLEUJ2S0AIIC0L7VXWLBWFECQ6XW1F@proxy-privacy.com
61Admin Name: - -
62Admin Organization: Free Spirits
63Admin Street: c/o IDPS International Domain Privacy Services GmbH
64Admin Street: Hansaallee 191
65Admin City: Duesseldorf
66Admin Postal Code: 40549
67Admin Country: DE
68Admin Phone: +49.21186767448
69Admin Fax: +49.211867676448
70Admin Email: P2MW2ZYNIV2LXVJJFMEUDVS956L2GVHN@proxy-privacy.com
71Tech Name: - -
72Tech Organization: Free Spirits
73Tech Street: c/o IDPS International Domain Privacy Services GmbH
74Tech Street: Hansaallee 191
75Tech City: Duesseldorf
76Tech Postal Code: 40549
77Tech Country: DE
78Tech Phone: +49.21186767448
79Tech Fax: +49.211867676448
80Tech Email: P2MW2ZYNIV2LXVJJFMEUDVS956L2GVHN@proxy-privacy.com
81Name Server: ns2.fscodns.net
82Name Server: ns1.fscodns.net
83Name Server: ns3.fscodns.net
84DNSSEC: unsigned
85#######################################################################################################################################
86[+] Target : boylinks.net
87
88[+] IP Address : 82.94.222.132
89
90[+] Headers :
91
92[+] Server : nginx
93[+] Date : Thu, 24 Oct 2019 16:36:33 GMT
94[+] Content-Type : text/html
95[+] Transfer-Encoding : chunked
96[+] Connection : keep-alive
97[+] Content-Encoding : gzip
98
99[+] SSL Certificate Information :
100
101[+] commonName : boylinks.net
102[+] countryName : US
103[+] organizationName : Let's Encrypt
104[+] commonName : Let's Encrypt Authority X3
105[+] Version : 3
106[+] Serial Number : 033E69037BA71E4315BD81CB32C15548346C
107[+] Not Before : Aug 3 23:07:57 2019 GMT
108[+] Not After : Nov 1 23:07:57 2019 GMT
109[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
110[+] subject Alt Name : (('DNS', 'boylinks.net'), ('DNS', 'boylinks.org'), ('DNS', 'www.boylinks.net'), ('DNS', 'www.boylinks.org'))
111[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
112
113[+] Whois Lookup :
114
115[+] NIR : None
116[+] ASN Registry : ripencc
117[+] ASN : 3265
118[+] ASN CIDR : 82.92.0.0/14
119[+] ASN Country Code : NL
120[+] ASN Date : 2003-11-25
121[+] ASN Description : XS4ALL-NL Amsterdam, NL
122[+] cidr : 82.94.222.128/28
123[+] name : XS4ALL-CUST
124[+] handle : XS42-RIPE
125[+] range : 82.94.222.128 - 82.94.222.143
126[+] description : Stichting B.C.C.O.
127[+] country : NL
128[+] state : None
129[+] city : None
130[+] address : XS4ALL Internet BV
131Postbus 1848
1321000BV Amsterdam
133The Netherlands
134[+] postal_code : None
135[+] emails : ['abuse@xs4all.nl']
136[+] created : 2015-03-09T15:51:55Z
137[+] updated : 2018-02-15T09:07:53Z
138
139[+] Crawling Target...
140
141[+] Looking for robots.txt........[ Found ]
142[+] Extracting robots Links.......[ 3 ]
143[+] Looking for sitemap.xml.......[ Not Found ]
144[+] Extracting CSS Links..........[ 0 ]
145[+] Extracting Javascript Links...[ 0 ]
146[+] Extracting Internal Links.....[ 1 ]
147[+] Extracting External Links.....[ 47 ]
148[+] Extracting Images.............[ 2 ]
149
150[+] Total Links Extracted : 53
151
152[+] Dumping Links in /opt/FinalRecon/dumps/boylinks.net.dump
153[+] Completed!
154#######################################################################################################################################
155[+] Starting At 2019-10-24 12:36:46.099890
156[+] Collecting Information On: http://boylinks.net/
157[#] Status: 200
158--------------------------------------------------
159[#] Web Server Detected: nginx
160[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
161- Server: nginx
162- Date: Thu, 24 Oct 2019 16:36:45 GMT
163- Content-Type: text/html; charset=UTF-8
164- Content-Length: 6740
165- Connection: keep-alive
166- Expires: Fri, 25 Oct 2019 16:36:45 GMT
167- Cache-Control: public, max-age=172800, pre-check=172800
168- Content-Language: en
169- Last-Modified: Sun, 22 Sep 2019 16:59:36 GMT
170- Vary: Accept-Encoding
171- Content-Encoding: gzip
172--------------------------------------------------
173[#] Finding Location..!
174[#] status: success
175[#] country: Netherlands
176[#] countryCode: NL
177[#] region: ZH
178[#] regionName: South Holland
179[#] city: Rotterdam
180[#] zip: 3085
181[#] lat: 51.8735
182[#] lon: 4.4894
183[#] timezone: Europe/Amsterdam
184[#] isp: XS4ALL networking
185[#] org: Xs4all Internet BV
186[#] as: AS3265 Xs4all Internet BV
187[#] query: 82.94.222.132
188--------------------------------------------------
189[x] Didn't Detect WAF Presence on: http://boylinks.net/
190--------------------------------------------------
191[#] Starting Reverse DNS
192[-] Failed ! Fail
193--------------------------------------------------
194[!] Scanning Open Port
195[#] 80/tcp open http
196[#] 443/tcp open https
197[#] 993/tcp open imaps
198--------------------------------------------------
199[+] Collecting Information Disclosure!
200[#] Detecting sitemap.xml file
201[-] sitemap.xml file not Found!?
202[#] Detecting robots.txt file
203[!] robots.txt File Found: http://boylinks.net//robots.txt
204[#] Detecting GNU Mailman
205[-] GNU Mailman App Not Detected!?
206--------------------------------------------------
207[+] Crawling Url Parameter On: http://boylinks.net/
208--------------------------------------------------
209[#] Searching Html Form !
210[-] No Html Form Found!?
211--------------------------------------------------
212[-] No DOM Paramter Found!?
213--------------------------------------------------
214[-] No internal Dynamic Parameter Found!?
215--------------------------------------------------
216[!] 10 External Dynamic Parameter Discovered
227--------------------------------------------------
228[!] 85 Internal links Discovered
314--------------------------------------------------
315[!] 38 External links Discovered
354--------------------------------------------------
355[#] Mapping Subdomain..
356[!] Found 1 Subdomain
357- boylinks.net
358--------------------------------------------------
359[!] Done At 2019-10-24 12:37:23.711574
360######################################################################################################################################
361[i] Scanning Site: http://boylinks.net
362
363
364
365B A S I C I N F O
366====================
367
368
369[+] Site Title: BoyLinks
370[+] IP address: 82.94.222.132
371[+] Web Server: nginx
372[+] CMS: Could Not Detect
373[+] Cloudflare: Not Detected
374[+] Robots File: Found
375
376-------------[ contents ]----------------
377User-agent: *
378Disallow: /personalsites_pictures.html
379Disallow: /nudity.html
380Disallow: /cgi/
381
382-----------[end of contents]-------------
383
384
385
386W H O I S L O O K U P
387========================
388
389 Domain Name: BOYLINKS.NET
390 Registry Domain ID: 5431180_DOMAIN_NET-VRSN
391 Registrar WHOIS Server: whois.joker.com
392 Registrar URL: http://www.joker.com
393 Updated Date: 2019-09-19T07:29:26Z
394 Creation Date: 1999-04-19T04:00:00Z
395 Registry Expiry Date: 2021-04-19T04:00:00Z
396 Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com
397 Registrar IANA ID: 113
398 Registrar Abuse Contact Email: abuse@joker.com
399 Registrar Abuse Contact Phone: +49.21186767447
400 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
401 Name Server: NS1.FSCODNS.NET
402 Name Server: NS2.FSCODNS.NET
403 Name Server: NS3.FSCODNS.NET
404 DNSSEC: unsigned
405 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
406>>> Last update of whois database: 2019-10-24T16:36:47Z <<<
407
408For more information on Whois status codes, please visit https://icann.org/epp
409
410
411
412The Registry database contains ONLY .COM, .NET, .EDU domains and
413Registrars.
414
415
416
417
418G E O I P L O O K U P
419=========================
420
421[i] IP Address: 82.94.222.132
422[i] Country: Netherlands
423[i] State: South Holland
424[i] City: Leiderdorp
425[i] Latitude: 52.1658
426[i] Longitude: 4.5338
427
428
429
430
431H T T P H E A D E R S
432=======================
433
434
435[i] HTTP/1.1 200 OK
436[i] Server: nginx
437[i] Date: Thu, 24 Oct 2019 16:36:54 GMT
438[i] Content-Type: text/html; charset=UTF-8
439[i] Content-Length: 20123
440[i] Connection: close
441[i] Expires: Fri, 25 Oct 2019 16:36:54 GMT
442[i] Cache-Control: public, max-age=172800, pre-check=172800
443[i] Content-Language: en
444[i] Last-Modified: Sun, 22 Sep 2019 16:59:36 GMT
445[i] Vary: Accept-Encoding
446
447
448
449
450D N S L O O K U P
451===================
452
453boylinks.net. 1799 IN SOA ns1.fscodns.net. hostmaster.freespirits.info. 2017042301 1800 1200 604800 600
454boylinks.net. 1799 IN SPF "v=spf1 mx -all"
455boylinks.net. 1799 IN TXT "v=spf1 mx -all"
456boylinks.net. 1799 IN MX 10 box.isp-email.net.
457boylinks.net. 1799 IN A 82.94.222.132
458boylinks.net. 1799 IN NS ns4.freespirits.org.
459boylinks.net. 1799 IN NS ns1.fscodns.net.
460boylinks.net. 1799 IN NS ns3.freespirits.org.
461boylinks.net. 1799 IN NS ns3.fscodns.net.
462boylinks.net. 1799 IN NS ns2.fscodns.net.
463
464
465
466
467S U B N E T C A L C U L A T I O N
468====================================
469
470Address = 82.94.222.132
471Network = 82.94.222.132 / 32
472Netmask = 255.255.255.255
473Broadcast = not needed on Point-to-Point links
474Wildcard Mask = 0.0.0.0
475Hosts Bits = 0
476Max. Hosts = 1 (2^0 - 0)
477Host Range = { 82.94.222.132 - 82.94.222.132 }
478
479
480
481N M A P P O R T S C A N
482============================
483
484Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-24 16:36 UTC
485Nmap scan report for boylinks.net (82.94.222.132)
486Host is up (0.079s latency).
487
488PORT STATE SERVICE
48921/tcp filtered ftp
49022/tcp filtered ssh
49123/tcp filtered telnet
49280/tcp open http
493110/tcp closed pop3
494143/tcp filtered imap
495443/tcp open https
4963389/tcp filtered ms-wbt-server
497
498Nmap done: 1 IP address (1 host up) scanned in 2.76 seconds
499
500#######################################################################################################################################
501[INFO] ------TARGET info------
502[*] TARGET: http://boylinks.net/
503[*] TARGET IP: 82.94.222.132
504[INFO] NO load balancer detected for boylinks.net...
505[*] DNS servers: ns1.fscodns.net.
506[*] TARGET server: nginx
507[*] CC: NL
508[*] Country: Netherlands
509[*] RegionCode: ZH
510[*] RegionName: South Holland
511[*] City: Rotterdam
512[*] ASN: AS3265
513[*] BGP_PREFIX: 82.92.0.0/14
514[*] ISP: XS4ALL-NL Xs4all Internet BV, NL
515[INFO] DNS enumeration:
516[INFO] Possible abuse mails are:
517[*] abuse@boylinks.net
518[*] abuse@xs4all.nl
519[INFO] NO PAC (Proxy Auto Configuration) file FOUND
520[ALERT] robots.txt file FOUND in http://boylinks.net/robots.txt
521[INFO] Checking for HTTP status codes recursively from http://boylinks.net/robots.txt
522[INFO] Status code Folders
523[*] 200 http://boylinks.net/nudity.html
524[*] 200 http://boylinks.net/personalsites_pictures.html
525[INFO] Starting FUZZing in http://boylinks.net/FUzZzZzZzZz...
526[INFO] Status code Folders
527[ALERT] Look in the source code. It may contain passwords
528[INFO] SAME content in http://boylinks.net/ AND http://82.94.222.132/
529[INFO] Links found from http://boylinks.net/:
637[INFO] GOOGLE has 149,000 results (0.22 seconds) about http://boylinks.net/
638[INFO] BING shows 82.94.222.132 is shared with 22 hosts/vhosts
639[INFO] Shodan detected the following opened ports on 82.94.222.132:
640[*] 1
641[*] 143
642[*] 25
643[*] 4
644[*] 443
645[*] 80
646[*] 993
647[INFO] ------VirusTotal SECTION------
648[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
649[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
650[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
651[INFO] ------Alexa Rank SECTION------
652[INFO] Percent of Visitors Rank in Country:
653[INFO] Percent of Search Traffic:
654[INFO] Percent of Unique Visits:
655[INFO] Total Sites Linking In:
656[*] Total Sites
657[INFO] Useful links related to boylinks.net - 82.94.222.132:
671[INFO] Useful links related to AS3265 - 82.92.0.0/14:
672[*] http://www.google.com/safebrowsing/diagnostic?site=AS:3265
673[*] https://www.senderbase.org/lookup/?search_string=82.92.0.0/14
674[*] http://bgp.he.net/AS3265
675[*] https://stat.ripe.net/AS3265
676[INFO] Date: 24/10/19 | Time: 12:38:11
677[INFO] Total time: 1 minute(s) and 21 second(s)
678#######################################################################################################################################
679Trying "boylinks.net"
680;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8659
681;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 5, ADDITIONAL: 4
682
683;; QUESTION SECTION:
684;boylinks.net. IN ANY
685
686;; ANSWER SECTION:
687boylinks.net. 1800 IN A 82.94.222.132
688boylinks.net. 1800 IN MX 10 box.isp-email.net.
689boylinks.net. 1800 IN TXT "v=spf1 mx -all"
690boylinks.net. 1800 IN SPF "v=spf1 mx -all"
691boylinks.net. 1800 IN SOA ns1.fscodns.net. hostmaster.freespirits.info. 2017042301 1800 1200 604800 600
692boylinks.net. 1800 IN NS ns2.fscodns.net.
693boylinks.net. 1800 IN NS ns1.fscodns.net.
694boylinks.net. 1800 IN NS ns3.fscodns.net.
695boylinks.net. 1800 IN NS ns3.freespirits.org.
696boylinks.net. 1800 IN NS ns4.freespirits.org.
697
698;; AUTHORITY SECTION:
699boylinks.net. 1800 IN NS ns1.fscodns.net.
700boylinks.net. 1800 IN NS ns3.fscodns.net.
701boylinks.net. 1800 IN NS ns4.freespirits.org.
702boylinks.net. 1800 IN NS ns3.freespirits.org.
703boylinks.net. 1800 IN NS ns2.fscodns.net.
704
705;; ADDITIONAL SECTION:
706ns2.fscodns.net. 43200 IN A 88.80.6.203
707ns1.fscodns.net. 43200 IN A 82.94.222.130
708ns3.fscodns.net. 43200 IN A 88.80.6.203
709ns3.fscodns.net. 43200 IN A 82.94.228.252
710
711Received 440 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 169 ms
712#######################################################################################################################################
713[*] Performing General Enumeration of Domain: boylinks.net
714[-] DNSSEC is not configured for boylinks.net
715[*] SOA ns1.fscodns.net 82.94.222.130
716[*] NS ns3.fscodns.net 88.80.6.203
717[*] NS ns3.fscodns.net 82.94.228.252
718[*] Bind Version for 82.94.228.252
719[*] NS ns1.fscodns.net 82.94.222.130
720[*] Bind Version for 82.94.222.130 private
721[*] NS ns2.fscodns.net 88.80.6.203
722[*] MX box.isp-email.net 79.124.7.219
723[*] A boylinks.net 82.94.222.132
724[*] SPF v=spf1 mx -all
725[*] TXT boylinks.net v=spf1 mx -all
726[*] Enumerating SRV Records
727[-] No SRV Records Found for boylinks.net
728[+] 0 Records Found
729#######################################################################################################################################
730[*] Processing domain boylinks.net
731[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
732[+] Getting nameservers
733[-] Getting nameservers failed
734[-] Zone transfer failed
735
736[+] MX records found, added to target list
73710 box.isp-email.net.
738
739[*] Scanning boylinks.net for A records
74082.94.222.132 - boylinks.net
74182.94.222.132 - www.boylinks.net
742
743#######################################################################################################################################
744
745 AVAILABLE PLUGINS
746 -----------------
747
748 OpenSslCcsInjectionPlugin
749 SessionResumptionPlugin
750 EarlyDataPlugin
751 CertificateInfoPlugin
752 HeartbleedPlugin
753 RobotPlugin
754 OpenSslCipherSuitesPlugin
755 SessionRenegotiationPlugin
756 CompressionPlugin
757 FallbackScsvPlugin
758 HttpHeadersPlugin
759
760
761
762 CHECKING HOST(S) AVAILABILITY
763 -----------------------------
764
765 82.94.222.132:443 => 82.94.222.132
766
767
768
769
770 SCAN RESULTS FOR 82.94.222.132:443 - 82.94.222.132
771 --------------------------------------------------
772
773 * Downgrade Attacks:
774 TLS_FALLBACK_SCSV: OK - Supported
775
776 * Session Renegotiation:
777 Client-initiated Renegotiation: OK - Rejected
778 Secure Renegotiation: OK - Supported
779
780 * TLS 1.2 Session Resumption Support:
781 With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
782 With TLS Tickets: OK - Supported
783
784 * OpenSSL CCS Injection:
785 OK - Not vulnerable to OpenSSL CCS injection
786
787 * SSLV2 Cipher Suites:
788 Server rejected all cipher suites.
789
790 * Deflate Compression:
791 OK - Compression disabled
792
793 * ROBOT Attack:
794 OK - Not vulnerable, RSA cipher suites not supported
795
796 * TLSV1_3 Cipher Suites:
797 Server rejected all cipher suites.
798
799 * SSLV3 Cipher Suites:
800 Server rejected all cipher suites.
801
802 * Certificate Information:
803 Content
804 SHA1 Fingerprint: d7d1b3a8df84dad5ce54cdaeb1532f7e6e23a790
805 Common Name: boylinks.net
806 Issuer: Let's Encrypt Authority X3
807 Serial Number: 282573951568803766485766353952086996563052
808 Not Before: 2019-08-03 23:07:57
809 Not After: 2019-11-01 23:07:57
810 Signature Algorithm: sha256
811 Public Key Algorithm: RSA
812 Key Size: 2048
813 Exponent: 65537 (0x10001)
814 DNS Subject Alternative Names: ['boylinks.net', 'boylinks.org', 'www.boylinks.net', 'www.boylinks.org']
815
816 Trust
817 Hostname Validation: FAILED - Certificate does NOT match 82.94.222.132
818 Android CA Store (9.0.0_r9): OK - Certificate is trusted
819 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
820 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
821 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
822 Windows CA Store (2019-05-27): OK - Certificate is trusted
823 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
824 Received Chain: boylinks.net --> Let's Encrypt Authority X3
825 Verified Chain: boylinks.net --> Let's Encrypt Authority X3 --> DST Root CA X3
826 Received Chain Contains Anchor: OK - Anchor certificate not sent
827 Received Chain Order: OK - Order is valid
828 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
829
830 Extensions
831 OCSP Must-Staple: NOT SUPPORTED - Extension not found
832 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
833
834 OCSP Stapling
835 NOT SUPPORTED - Server did not send back an OCSP response
836
837 * TLSV1_1 Cipher Suites:
838 Forward Secrecy OK - Supported
839 RC4 OK - Not Supported
840
841 Preferred:
842 None - Server followed client cipher suite preference.
843 Accepted:
844 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
845 Undefined - An unexpected error happened:
846 TLS_RSA_WITH_NULL_SHA ConnectionRefusedError - [Errno 111] Connection refused
847 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
848 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
849 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
850 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
851
852 * OpenSSL Heartbleed:
853 OK - Not vulnerable to Heartbleed
854
855 * TLSV1_2 Cipher Suites:
856 Forward Secrecy OK - Supported
857 RC4 OK - Not Supported
858
859 Preferred:
860 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
861 Accepted:
862 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
863 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
864 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
865 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
866 Undefined - An unexpected error happened:
867 TLS_RSA_WITH_RC4_128_SHA ConnectionRefusedError - [Errno 111] Connection refused
868 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
869 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
870 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ConnectionRefusedError - [Errno 111] Connection refused
871 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
872 TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
873 TLS_DH_anon_WITH_AES_128_CBC_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
874 TLS_DH_DSS_WITH_AES_256_GCM_SHA384 ConnectionRefusedError - [Errno 111] Connection refused
875 TLS_DH_DSS_WITH_AES_128_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
876 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
877 TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
878 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
879 ECDHE_ECDSA_WITH_AES_128_CCM_8 ConnectionRefusedError - [Errno 111] Connection refused
880
881 * TLSV1 Cipher Suites:
882 Forward Secrecy OK - Supported
883 RC4 OK - Not Supported
884
885 Preferred:
886 None - Server followed client cipher suite preference.
887 Accepted:
888 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
889 Undefined - An unexpected error happened:
890 TLS_RSA_WITH_NULL_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
891 TLS_RSA_WITH_AES_128_CBC_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
892 TLS_ECDH_anon_WITH_NULL_SHA ConnectionRefusedError - [Errno 111] Connection refused
893 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
894 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
895 TLS_ECDH_ECDSA_WITH_NULL_SHA ConnectionRefusedError - [Errno 111] Connection refused
896 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
897 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ConnectionRefusedError - [Errno 111] Connection refused
898 TLS_ECDHE_RSA_WITH_NULL_SHA ConnectionRefusedError - [Errno 111] Connection refused
899 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ConnectionRefusedError - [Errno 111] Connection refused
900 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ConnectionRefusedError - [Errno 111] Connection refused
901 TLS_DH_anon_WITH_RC4_128_MD5 ConnectionRefusedError - [Errno 111] Connection refused
902 TLS_DH_RSA_WITH_AES_256_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
903 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ConnectionRefusedError - [Errno 111] Connection refused
904 TLS_DHE_RSA_WITH_AES_256_CBC_SHA ConnectionRefusedError - [Errno 111] Connection refused
905
906
907 SCAN COMPLETED IN 14.44 S
908 -------------------------
909#######################################################################################################################################
910Domains still to check: 1
911 Checking if the hostname boylinks.net. given is in fact a domain...
912
913Analyzing domain: boylinks.net.
914 Checking NameServers using system default resolver...
915 WARNING! It seems that the NS server does not have an IP!
916
917 Checking MailServers using system default resolver...
918 IP: 79.124.7.219 (Bulgaria)
919 HostName: box.isp-email.net Type: MX
920 HostName: box.isp-email.net Type: PTR
921
922 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
923
924 Checking SPF record...
925
926 Checking 192 most common hostnames using system default resolver...
927 IP: 82.94.222.132 (Netherlands)
928 HostName: www.boylinks.net. Type: A
929
930 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
931 Checking netblock 82.94.222.0
932 Checking netblock 79.124.7.0
933
934 Searching for boylinks.net. emails in Google
935 submissions@boylinks.net.
936
937 Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
938 Host 82.94.222.132 is up (reset ttl 64)
939 Host 79.124.7.219 is up (reset ttl 64)
940
941 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
942 Scanning ip 82.94.222.132 (www.boylinks.net.):
943 80/tcp open http syn-ack ttl 57 nginx
944 |_http-favicon: Unknown favicon MD5: 103A99152A03E4792CD8BC15B8E3DD5F
945 | http-methods:
946 |_ Supported Methods: GET HEAD POST OPTIONS
947 | http-robots.txt: 3 disallowed entries
948 |_/personalsites_pictures.html /nudity.html /cgi/
949 |_http-title: BoyLinks
950 443/tcp open ssl/http syn-ack ttl 57 nginx
951 |_http-favicon: Unknown favicon MD5: 103A99152A03E4792CD8BC15B8E3DD5F
952 | http-methods:
953 |_ Supported Methods: GET HEAD POST OPTIONS
954 | http-robots.txt: 3 disallowed entries
955 |_/personalsites_pictures.html /nudity.html /cgi/
956 |_http-title: 400 The plain HTTP request was sent to HTTPS port
957 | ssl-cert: Subject: commonName=boylinks.net
958 | Subject Alternative Name: DNS:boylinks.net, DNS:boylinks.org, DNS:www.boylinks.net, DNS:www.boylinks.org
959 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
960 | Public Key type: rsa
961 | Public Key bits: 2048
962 | Signature Algorithm: sha256WithRSAEncryption
963 | Not valid before: 2019-08-03T23:07:57
964 | Not valid after: 2019-11-01T23:07:57
965 | MD5: 8394 0a75 0c33 e508 777f b354 1e52 17d6
966 |_SHA-1: d7d1 b3a8 df84 dad5 ce54 cdae b153 2f7e 6e23 a790
967 993/tcp open ssl/imaps? syn-ack ttl 57
968 |_ssl-date: TLS randomness does not represent time
969 Device type: general purpose|storage-misc|broadband router|WAP|phone
970 Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (94%), HP embedded (91%), Asus embedded (88%), Google Android 4.X (87%)
971 Scanning ip 79.124.7.219 (box.isp-email.net (PTR)):
972 WebCrawling domain's web servers... up to 50 max links.
973
974 + URL to crawl: http://www.boylinks.net.
975 + Date: 2019-10-24
976
977 + Crawling URL: http://www.boylinks.net.:
978 + Links:
1029 + Searching for directories...
1030 + Searching open folders...
1031 + Crawl finished successfully.
1032----------------------------------------------------------------------
1033Summary of http://http://www.boylinks.net.
1034----------------------------------------------------------------------
1035+ Links crawled:
1086 Total links crawled: 50
1087
1088+ Links to files found:
1089 - http://www.boylinks.net./divider.gif
1090 - http://www.boylinks.net./logo2.gif
1091 Total links to files: 2
1092
1093+ Externals links found:
1432 - http://www.amazon.com/exec/obidos/ASIN/0679435328/
1433 - http://www.amazon.com/exec/obidos/ASIN/0679454470/
1434 - http://www.amazon.com/exec/obidos/ASIN/0679741917/
1435 - http://www.amazon.com/exec/obidos/ASIN/0679766529/
1436 - http://www.amazon.com/exec/obidos/ASIN/0684849577/
1437 - http://www.amazon.com/exec/obidos/ASIN/0684853205/
1438 - http://www.amazon.com/exec/obidos/ASIN/068984445X/
1439 - http://www.amazon.com/exec/obidos/ASIN/0695811614/
1440 - http://www.amazon.com/exec/obidos/ASIN/0715627090/
1441 - http://www.amazon.com/exec/obidos/ASIN/0743222946/
1442 - http://www.amazon.com/exec/obidos/ASIN/0743236955/
1443 - http://www.amazon.com/exec/obidos/ASIN/0743437756
1444 - http://www.amazon.com/exec/obidos/ASIN/0743439929/
1445 - http://www.amazon.com/exec/obidos/ASIN/0745162363/
1446 - http://www.amazon.com/exec/obidos/ASIN/0786712473/
1447 - http://www.amazon.com/exec/obidos/ASIN/0789007436/
1448 - http://www.amazon.com/exec/obidos/ASIN/0789011999/
1449 - http://www.amazon.com/exec/obidos/ASIN/0802116353/
1450 - http://www.amazon.com/exec/obidos/ASIN/080213422X/
1451 - http://www.amazon.com/exec/obidos/ASIN/0802136958/
1452 - http://www.amazon.com/exec/obidos/ASIN/0802136966/
1453 - http://www.amazon.com/exec/obidos/ASIN/0802139280/
1454 - http://www.amazon.com/exec/obidos/ASIN/0802140017/
1455 - http://www.amazon.com/exec/obidos/ASIN/0805061835/
1456 - http://www.amazon.com/exec/obidos/ASIN/0807072621/
1457 - http://www.amazon.com/exec/obidos/ASIN/0810933292/
1458 - http://www.amazon.com/exec/obidos/ASIN/0811213358/
1459 - http://www.amazon.com/exec/obidos/ASIN/0814907733/
1460 - http://www.amazon.com/exec/obidos/ASIN/0816640068/
1461 - http://www.amazon.com/exec/obidos/ASIN/0837198089/
1462 - http://www.amazon.com/exec/obidos/ASIN/083971193X/
1463 - http://www.amazon.com/exec/obidos/ASIN/0847825868/
1464 - http://www.amazon.com/exec/obidos/ASIN/0856355593/
1465 - http://www.amazon.com/exec/obidos/ASIN/0874778875/
1466 - http://www.amazon.com/exec/obidos/ASIN/0874779197/
1467 - http://www.amazon.com/exec/obidos/ASIN/0893815187/
1468 - http://www.amazon.com/exec/obidos/ASIN/0914301233/
1469 - http://www.amazon.com/exec/obidos/ASIN/0939149958/
1470 - http://www.amazon.com/exec/obidos/ASIN/0940512491/
1471 - http://www.amazon.com/exec/obidos/ASIN/0975926403/
1472 - http://www.amazon.com/exec/obidos/ASIN/1403380627/
1473 - http://www.amazon.com/exec/obidos/ASIN/1425164188/
1474 - http://www.amazon.com/exec/obidos/ASIN/1555834930/
1475 - http://www.amazon.com/exec/obidos/ASIN/1555973671/
1476 - http://www.amazon.com/exec/obidos/ASIN/1556524641/
1477 - http://www.amazon.com/exec/obidos/ASIN/1560234385/
1478 - http://www.amazon.com/exec/obidos/ASIN/1563334623/
1479 - http://www.amazon.com/exec/obidos/ASIN/1563841908/
1480 - http://www.amazon.com/exec/obidos/ASIN/1569802475/
1481 - http://www.amazon.com/exec/obidos/ASIN/1589636376/
1482 - http://www.amazon.com/exec/obidos/ASIN/1591960371/
1483 - http://www.amazon.com/exec/obidos/ASIN/1843910314/
1484 - http://www.amazon.com/exec/obidos/ASIN/1877135623/
1485 - http://www.amazon.com/exec/obidos/ASIN/1882593693/
1486 - http://www.amazon.com/exec/obidos/ASIN/1884468012/
1487 - http://www.amazon.com/exec/obidos/ASIN/1901285286/
1488 - http://www.amazon.com/exec/obidos/ASIN/1901285448/
1489 - http://www.amazon.com/exec/obidos/ASIN/3931141128/
1490 - http://www.amazon.com/exec/obidos/ASIN/B0006AX5C4/
1491 - http://www.amazon.com/exec/obidos/ASIN/B0007DTMRM/
1492 - http://www.amazon.com/exec/obidos/ISBN=0140233903/
1493 - http://www.amazon.com/exec/obidos/ISBN=0140318909/
1494 - http://www.amazon.com/exec/obidos/ISBN=015128122X/
1495 - http://www.amazon.com/exec/obidos/ISBN=0252022092/
1496 - http://www.amazon.com/exec/obidos/ISBN=0312244444/
1497 - http://www.amazon.com/exec/obidos/ISBN=0374186294/
1498 - http://www.amazon.com/exec/obidos/ISBN=0385312377/
1499 - http://www.amazon.com/exec/obidos/ISBN=0393317013/
1500 - http://www.amazon.com/exec/obidos/ISBN=041591003X/
1501 - http://www.amazon.com/exec/obidos/ISBN=0415916771/
1502 - http://www.amazon.com/exec/obidos/ISBN=0486287149/
1503 - http://www.amazon.com/exec/obidos/ISBN=0684829924/
1504 - http://www.amazon.com/exec/obidos/ISBN=0821620037/
1505 - http://www.amazon.com/exec/obidos/ISBN=0822321939/
1506 - http://www.amazon.com/exec/obidos/ISBN=0854490981/
1507 - http://www.amazon.com/exec/obidos/ISBN=0854492313/
1508 - http://www.amazon.com/exec/obidos/ISBN=0890878536/
1509 - http://www.amazon.com/exec/obidos/ISBN=0893818534/
1510 - http://www.amazon.com/exec/obidos/ISBN=0968909612/
1511 - http://www.amazon.com/exec/obidos/ISBN=1555836011/
1512 - http://www.amazon.com/exec/obidos/ISBN=1573220876/
1513 - http://www.amazon.com/exec/obidos/asin/0854491546/
1514 - http://www.americanboychoir.org/
1515 - http://www.andreasvarady.com/
1516 - http://www.angelfire.com/biz2/YoungActors/josephmazzello.html
1517 - http://www.angelfire.com/co3/raoul/
1518 - http://www.angelfire.com/fl3/cousins/index.html
1519 - http://www.angelfire.com/me2/malloryjake/
1520 - http://www.angelfire.com/ns/ansset/
1521 - http://www.angelfire.com/ns/gyl/index.html
1522 - http://www.angelfire.com/pa2/baseballpics/index.html
1523 - http://www.angelfire.com/pa3/jenny5366/
1524 - http://www.angelfire.com/sc/actors/ryan.html
1525 - http://www.animenewsnetwork.com/article.php?id=8536
1526 - http://www.anotherealm.com/2003/ar011603.html
1527 - http://www.aolwatch.org/porndex.htm
1528 - http://www.appa-net.org/eweb/docs/appa/pubs/RML.pdf
1529 - http://www.arthur-georges.com/
1530 - http://www.ashesandsnow.org/
1531 - http://www.asstr.org/~pza/
1532 - http://www.asstr.org/~zack/
1533 - http://www.auschron.com/issues/vol14/issue45/arts.scanlines.html
1534 - http://www.austinmajors.com/
1535 - http://www.avert.org/aofconsent.htm
1536 - http://www.axecop.com/
1537 - http://www.bagly.org/
1538 - http://www.bangkokpost.com/news/crimes/212051/pattaya-child-porn-peddlers
1539 - http://www.barthsburgery.com/fanpages/bcm66.htm
1540 - http://www.barthsburgery.com/fanpages/billyChapin.htm
1541 - http://www.barthsburgery.com/fanpages/billyL.htm
1542 - http://www.barthsburgery.com/fanpages/dwayneR.htm
1543 - http://www.barthsburgery.com/fanpages/michaelH.htm
1544 - http://www.barthsburgery.com/fanpages/raymie60.htm
1545 - http://www.barthsburgery.com/fanpages/robertDiamond.htm
1546 - http://www.barthsburgery.com/fanpages/sergiuszZ.htm
1547 - http://www.bbbsa.org/
1548 - http://www.bbc.co.uk/news/uk-11061577
1549 - http://www.bbc.co.uk/news/uk-11415851
1550 - http://www.bcboyschoir.org/
1551 - http://www.beamerwigley.com/
1552 - http://www.beautifulyouth.com/
1553 - http://www.billyelliotthemusical.com/
1554 - http://www.blurb.com/bookstore/detail/1509656
1555 - http://www.bonifantes.cz/
1556 - http://www.bowsersworld.com/files/13ghosts.htm
1557 - http://www.bowsersworld.com/files/alliwant.htm
1558 - http://www.bowsersworld.com/files/balloon.htm
1559 - http://www.bowsersworld.com/files/bayo.htm
1560 - http://www.bowsersworld.com/files/believers.htm
1561 - http://www.bowsersworld.com/files/bluejeans.htm
1562 - http://www.bowsersworld.com/files/bror.htm
1563 - http://www.bowsersworld.com/files/cotolay.htm
1564 - http://www.bowsersworld.com/files/daryl.htm
1565 - http://www.bowsersworld.com/files/david.htm
1566 - http://www.bowsersworld.com/files/dichter.htm
1567 - http://www.bowsersworld.com/files/durango.htm
1568 - http://www.bowsersworld.com/files/europa.htm
1569 - http://www.bowsersworld.com/files/extermin.htm
1570 - http://www.bowsersworld.com/files/final.htm
1571 - http://www.bowsersworld.com/files/flight.htm
1572 - http://www.bowsersworld.com/files/garden.htm
1573 - http://www.bowsersworld.com/files/gje.htm
1574 - http://www.bowsersworld.com/files/grandmasHouse.htm
1575 - http://www.bowsersworld.com/files/hansel.htm
1576 - http://www.bowsersworld.com/files/heaven.htm
1577 - http://www.bowsersworld.com/files/hodder.htm
1578 - http://www.bowsersworld.com/files/joshua.htm
1579 - http://www.bowsersworld.com/files/lovedance.htm
1580 - http://www.bowsersworld.com/files/mondo.htm
1581 - http://www.bowsersworld.com/files/mountain.htm
1582 - http://www.bowsersworld.com/files/neptune.htm
1583 - http://www.bowsersworld.com/files/nuuk.htm
1584 - http://www.bowsersworld.com/files/pianos.htm
1585 - http://www.bowsersworld.com/files/pietjeBellTwo.htm
1586 - http://www.bowsersworld.com/files/pinocchio.htm
1587 - http://www.bowsersworld.com/files/reflective.htm
1588 - http://www.bowsersworld.com/files/scifi.htm
1589 - http://www.bowsersworld.com/files/shark.htm
1590 - http://www.bowsersworld.com/files/step.htm
1591 - http://www.bowsersworld.com/files/swimZackSwim.htm
1592 - http://www.bowsersworld.com/files/tommy.htm
1593 - http://www.bowsersworld.com/files/traces.htm
1594 - http://www.bowsersworld.com/files/where.htm
1595 - http://www.bowsersworld.com/files/whisper.htm
1596 - http://www.bowsersworld.com/files/world.htm
1597 - http://www.boyactors.org.uk/
1598 - http://www.boyactors.org.uk/actor.php?ref=1134
1599 - http://www.boyactors.org.uk/actor.php?ref=1726
1600 - http://www.boyactors.org.uk/actor.php?ref=2839
1601 - http://www.boyactors.org.uk/actor.php?ref=515
1602 - http://www.boychoirs.org/
1603 - http://www.boyhunt.boox.co.nz/
1604 - http://www.boysoloist.com/
1605 - http://www.boysonyourscreen.org/
1606 - http://www.boywiki.org/
1607 - http://www.brothersdube.com/
1608 - http://www.buddytv.com/homeland/photos/cast-members/jackson-pace-photos-51993.aspx
1609 - http://www.canada.com/saskatoonstarphoenix/news/national/story.html?id=d7ca3765-b975-4bdc-9d2e-d757c64c069b
1610 - http://www.canada.com/vancouversun/news/editorial/story.html?id=cbaa67c4-6472-4e7c-9d90-d49ed3613d24
1611 - http://www.casafeschools.org/20040930.html
1612 - http://www.casperworld.com/
1613 - http://www.cbc.ca/world/story/2006/03/14/landslide-porn060314.html
1614 - http://www.cblf.org/
1615 - http://www.cblf.org/paraklesis/
1616 - http://www.cbsnews.com/stories/2006/03/09/60minutes/main1385230.shtml?CMP=ILC-SearchStories
1617 - http://www.cbsnews.com/stories/2010/10/29/national/main7003546.shtml
1618 - http://www.channel4.com/programmes/four-sons-versus-four-daughters/4od
1619 - http://www.chessbase.com/newsdetail.asp?newsid=1614
1620 - http://www.childerotica.net
1621 - http://www.childhoodinart.org/
1622 - http://www.childrennow.org/
1623 - http://www.choralnet.org/list/choir/554
1624 - http://www.chrisiorio.com/
1625 - http://www.christian.org.uk/news/20090319/scotland-drops-plans-to-legalise-teenage-oral-sex/
1626 - http://www.citypages.com/2011-03-23/news/women-s-funding-network-sex-trafficking-study-is-junk-science/
1627 - http://www.cjbr.co.uk
1628 - http://www.ckboyschoir.ca/
1629 - http://www.clga.ca/Material/Records/docs/hannon/ox/teach.htm
1630 - http://www.clintadams.net/
1631 - http://www.codysimpson.com/
1632 - http://www.coltonjacobson.com
1633 - http://www.columbia.edu/cu/lweb/eresources/exhibitions/sw25/bentham/index.html
1634 - http://www.comeawayohumanchild.net/
1635 - http://www.computerworld.com.au/article/357580/child_porn_filter_coming_mid-2011/
1636 - http://www.coreyhaim.us
1637 - http://www.cornercafe.us/
1638 - http://www.cpps90.com/luke/html/galleries/galleries.html
1639 - http://www.crimeandfederalism.com/2010/04/sex-hysteria-is-killing-mentorship.html
1640 - http://www.csicop.org/si/9503/memory.html
1641 - http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/20080501/consent_bill_080501/20080501
1642 - http://www.ctvbc.ctv.ca/servlet/an/local/CTVNews/20100729/bc_penis_sex_tests_halted_100729/20100729
1643 - http://www.dailyherald.com/story/?id=28205
1644 - http://www.dailymail.co.uk/news/article-1290518/Mothers-fury-Google-shows-3-year-old-son-naked-garden.html
1645 - http://www.dailymail.co.uk/news/article-1318937/School-dinner-lady-grooming-row-allowing-child-biscuit.html
1646 - http://www.dailymail.co.uk/news/article-1367426/One-pupils-admit-swapping-porn-images-text-message.html?ito=feeds-newsxml
1647 - http://www.dailymail.co.uk/news/article-394547/Dont-suncream-pupils-teachers-warned.html
1648 - http://www.dailymotion.com/video/x5ijbg_vacances_people
1649 - http://www.dailymotion.com/video/x7bqyk_marcel-pietruch_music
1650 - http://www.detivkino.ru/
1651 - http://www.dia.govt.nz/Pubforms.nsf/URL/entirereport.pdf/$file/entirereport.pdf
1652 - http://www.dino.hr/
1653 - http://www.distancepreps.com/gprofile.php?mgroup_id=31488&do=videos&video_id=118701
1654 - http://www.ebaumsworld.com/video/watch/80815158/
1655 - http://www.ecfaweb.org/network.htm
1656 - http://www.economist.com/node/16636027
1657 - http://www.edkrebs.com/
1658 - http://www.ehm.cz/
1659 - http://www.ejhs.org/volume3/Haroian/body.htm
1660 - http://www.ethosonline.net
1661 - http://www.expatica.com/fr/news/french-news/air-france-staff-protest-move-to-separate-kids-from-adults_92865.html
1662 - http://www.facebook.com/pages/Thomas-Daley/23551258740
1663 - http://www.factuk.org/
1664 - http://www.falseabuse.com/ebook.html
1665 - http://www.famousfix.com/topic/nathan-gamble/photos
1666 - http://www.fanpop.com/spots/max-baldry
1667 - http://www.fija.org/
1668 - http://www.foxnews.com/scitech/2010/06/25/exclusive-pedophiles-find-home-on-wikipedia/
1669 - http://www.foxnews.com/story/0,2933,194397,00.html
1670 - http://www.foxnews.com/story/0,2933,196455,00.html
1671 - http://www.foxnews.com/story/0,2933,203884,00.html
1672 - http://www.foxnews.com/us/2010/04/08/maine-commission-moves-ban-gender-specific-school-bathrooms-teams/
1673 - http://www.freechild.org/
1674 - http://www.freespirits.info
1675 - http://www.freethechildren.org/
1676 - http://www.friardale.co.uk/
1677 - http://www.gay-news.com/article.php?sid=114
1678 - http://www.gaylawnet.com/
1679 - http://www.goodreads.com/book/show/13114464-a-death-on-the-wolf
1680 - http://www.govteen.com/
1681 - http://www.greek-love.com
1682 - http://www.guardian.co.uk/japan/story/0,,1778415,00.html
1683 - http://www.guardian.co.uk/uk/2005/nov/11/schools.education
1684 - http://www.highrocks.com/camp/index.htm
1685 - http://www.hmso.gov.uk/acts/acts1997/1997051.htm
1686 - http://www.huffingtonpost.com/2010/07/16/home-improvement-awkward_n_648919.html
1687 - http://www.huffingtonpost.com/david-segal/stop-the-internet-blackli_b_739836.html
1688 - http://www.ifcfilms.com/films/life-during-wartime-2
1689 - http://www.imdb.com/name/nm0012079/
1690 - http://www.imdb.com/name/nm0029400/
1691 - http://www.imdb.com/name/nm0160553/
1692 - http://www.imdb.com/name/nm0200452/bio
1693 - http://www.imdb.com/name/nm0233562/
1694 - http://www.imdb.com/name/nm0605601/
1695 - http://www.imdb.com/name/nm0665822/
1696 - http://www.imdb.com/name/nm1455235/
1697 - http://www.imdb.com/name/nm1503655/
1698 - http://www.imdb.com/name/nm1591666/
1699 - http://www.imdb.com/name/nm2180198/
1700 - http://www.imdb.com/name/nm2360755/
1701 - http://www.imdb.com/name/nm2864800/
1702 - http://www.imdb.com/name/nm3069420/?ref_=tt_cl_t5
1703 - http://www.imdb.com/name/nm3121911/
1704 - http://www.imdb.com/name/nm4677867/?ref_=nmbio_bio_nm
1705 - http://www.imdb.com/name/nm6807858/?ref_=ttfc_fc_cl_t16
1706 - http://www.imdb.com/name/nm6907855/
1707 - http://www.imdb.com/name/nm7661453/?ref_=ttfc_fc_cl_t3
1708 - http://www.imdb.com/name/nm7827879/?ref_=ttfc_fc_cl_t13
1709 - http://www.imdb.com/name/nm8071137/
1710 - http://www.imdb.com/name/nm8158408/?ref_=ttfc_fc_cl_t4
1711 - http://www.imdb.com/name/nm8354830/
1712 - http://www.imdb.com/title/tt0028691/
1713 - http://www.imdb.com/title/tt0039417/
1714 - http://www.imdb.com/title/tt0040185/
1715 - http://www.imdb.com/title/tt0042898/
1716 - http://www.imdb.com/title/tt0048956/
1717 - http://www.imdb.com/title/tt0053198/
1718 - http://www.imdb.com/title/tt0055740/
1719 - http://www.imdb.com/title/tt0056111/
1720 - http://www.imdb.com/title/tt0057261/
1721 - http://www.imdb.com/title/tt0057842/
1722 - http://www.imdb.com/title/tt0057977/
1723 - http://www.imdb.com/title/tt0060740/
1724 - http://www.imdb.com/title/tt0063513/
1725 - http://www.imdb.com/title/tt0064285/
1726 - http://www.imdb.com/title/tt0064827/
1727 - http://www.imdb.com/title/tt0064940/
1728 - http://www.imdb.com/title/tt0065393/
1729 - http://www.imdb.com/title/tt0067439/
1730 - http://www.imdb.com/title/tt0067778/
1731 - http://www.imdb.com/title/tt0067803/
1732 - http://www.imdb.com/title/tt0068142/
1733 - http://www.imdb.com/title/tt0071502/
1734 - http://www.imdb.com/title/tt0073118/
1735 - http://www.imdb.com/title/tt0073839/
1736 - http://www.imdb.com/title/tt0074152/
1737 - http://www.imdb.com/title/tt0074404/
1738 - http://www.imdb.com/title/tt0077946/
1739 - http://www.imdb.com/title/tt0078122/
1740 - http://www.imdb.com/title/tt0078872/
1741 - http://www.imdb.com/title/tt0078875/
1742 - http://www.imdb.com/title/tt0079070/
1743 - http://www.imdb.com/title/tt0079111/
1744 - http://www.imdb.com/title/tt0079806/
1745 - http://www.imdb.com/title/tt0080419/
1746 - http://www.imdb.com/title/tt0080453/
1747 - http://www.imdb.com/title/tt0080671/
1748 - http://www.imdb.com/title/tt0081614/
1749 - http://www.imdb.com/title/tt0082912/
1750 - http://www.imdb.com/title/tt0083552/
1751 - http://www.imdb.com/title/tt0084088/
1752 - http://www.imdb.com/title/tt0085295/
1753 - http://www.imdb.com/title/tt0085688/
1754 - http://www.imdb.com/title/tt0085908/
1755 - http://www.imdb.com/title/tt0087060/
1756 - http://www.imdb.com/title/tt0088979/
1757 - http://www.imdb.com/title/tt0089114/
1758 - http://www.imdb.com/title/tt0089606/
1759 - http://www.imdb.com/title/tt0090576/
1760 - http://www.imdb.com/title/tt0090665/
1761 - http://www.imdb.com/title/tt0091251/
1762 - http://www.imdb.com/title/tt0091628/
1763 - http://www.imdb.com/title/tt0092965/
1764 - http://www.imdb.com/title/tt0093199/
1765 - http://www.imdb.com/title/tt0093713/
1766 - http://www.imdb.com/title/tt0093898/
1767 - http://www.imdb.com/title/tt0094816/
1768 - http://www.imdb.com/title/tt0094886/
1769 - http://www.imdb.com/title/tt0095183/
1770 - http://www.imdb.com/title/tt0095564/
1771 - http://www.imdb.com/title/tt0097223/
1772 - http://www.imdb.com/title/tt0099669/
1773 - http://www.imdb.com/title/tt0099904/
1774 - http://www.imdb.com/title/tt0099990/
1775 - http://www.imdb.com/title/tt0100054/
1776 - http://www.imdb.com/title/tt0100469/
1777 - http://www.imdb.com/title/tt0101003/
1778 - http://www.imdb.com/title/tt0101276/
1779 - http://www.imdb.com/title/tt0102141/
1780 - http://www.imdb.com/title/tt0102316/
1781 - http://www.imdb.com/title/tt0104782/
1782 - http://www.imdb.com/title/tt0104922/
1783 - http://www.imdb.com/title/tt0106332/
1784 - http://www.imdb.com/title/tt0107034/mediaviewer/rm3267377408
1785 - http://www.imdb.com/title/tt0107247/
1786 - http://www.imdb.com/title/tt0107277/
1787 - http://www.imdb.com/title/tt0107426/
1788 - http://www.imdb.com/title/tt0107808/
1789 - http://www.imdb.com/title/tt0108065/
1790 - http://www.imdb.com/title/tt0108330/
1791 - http://www.imdb.com/title/tt0109842/
1792 - http://www.imdb.com/title/tt0110013/
1793 - http://www.imdb.com/title/tt0111543/
1794 - http://www.imdb.com/title/tt0112286/
1795 - http://www.imdb.com/title/tt0112757/
1796 - http://www.imdb.com/title/tt0113540/
1797 - http://www.imdb.com/title/tt0116790/
1798 - http://www.imdb.com/title/tt0117076/
1799 - http://www.imdb.com/title/tt0118636/
1800 - http://www.imdb.com/title/tt0118804/
1801 - http://www.imdb.com/title/tt0118849/
1802 - http://www.imdb.com/title/tt0118865/
1803 - http://www.imdb.com/title/tt0119590/
1804 - http://www.imdb.com/title/tt0120090/
1805 - http://www.imdb.com/title/tt0120453/
1806 - http://www.imdb.com/title/tt0124879/
1807 - http://www.imdb.com/title/tt0140888/
1808 - http://www.imdb.com/title/tt0156812/
1809 - http://www.imdb.com/title/tt0162236/
1810 - http://www.imdb.com/title/tt0166503/
1811 - http://www.imdb.com/title/tt0166695/
1812 - http://www.imdb.com/title/tt0175701/
1813 - http://www.imdb.com/title/tt0202856/
1814 - http://www.imdb.com/title/tt0209077/
1815 - http://www.imdb.com/title/tt0209322/
1816 - http://www.imdb.com/title/tt0211387/
1817 - http://www.imdb.com/title/tt0212720/
1818 - http://www.imdb.com/title/tt0238924/
1819 - http://www.imdb.com/title/tt0242587
1820 - http://www.imdb.com/title/tt0245090/
1821 - http://www.imdb.com/title/tt0263868/
1822 - http://www.imdb.com/title/tt0271580/
1823 - http://www.imdb.com/title/tt0275491/
1824 - http://www.imdb.com/title/tt0286516/
1825 - http://www.imdb.com/title/tt0291172/
1826 - http://www.imdb.com/title/tt0297221/
1827 - http://www.imdb.com/title/tt0299659/
1828 - http://www.imdb.com/title/tt0316396/
1829 - http://www.imdb.com/title/tt0326977/
1830 - http://www.imdb.com/title/tt0329002/
1831 - http://www.imdb.com/title/tt0329388/
1832 - http://www.imdb.com/title/tt0337876/
1833 - http://www.imdb.com/title/tt0346039/
1834 - http://www.imdb.com/title/tt0350755/
1835 - http://www.imdb.com/title/tt0359045/
1836 - http://www.imdb.com/title/tt0361127/
1837 - http://www.imdb.com/title/tt0367089/
1838 - http://www.imdb.com/title/tt0368186/
1839 - http://www.imdb.com/title/tt0370986/
1840 - http://www.imdb.com/title/tt0372824/
1841 - http://www.imdb.com/title/tt0376968/
1842 - http://www.imdb.com/title/tt0380599/
1843 - http://www.imdb.com/title/tt0384488/
1844 - http://www.imdb.com/title/tt0384680/
1845 - http://www.imdb.com/title/tt0388784/
1846 - http://www.imdb.com/title/tt0401385/
1847 - http://www.imdb.com/title/tt0417069/
1848 - http://www.imdb.com/title/tt0417385/
1849 - http://www.imdb.com/title/tt0419887/
1850 - http://www.imdb.com/title/tt0420206/
1851 - http://www.imdb.com/title/tt0430768/
1852 - http://www.imdb.com/title/tt0433693/
1853 - http://www.imdb.com/title/tt0436727/
1854 - http://www.imdb.com/title/tt0436852/
1855 - http://www.imdb.com/title/tt0438205/
1856 - http://www.imdb.com/title/tt0461613/
1857 - http://www.imdb.com/title/tt0461613/?ref_=fn_al_tt_1
1858 - http://www.imdb.com/title/tt0465436/
1859 - http://www.imdb.com/title/tt0471009/
1860 - http://www.imdb.com/title/tt0477916/
1861 - http://www.imdb.com/title/tt0478175/
1862 - http://www.imdb.com/title/tt0479506/
1863 - http://www.imdb.com/title/tt0480753/
1864 - http://www.imdb.com/title/tt0493450/
1865 - http://www.imdb.com/title/tt0857355/
1866 - http://www.imdb.com/title/tt1075110/
1867 - http://www.imdb.com/title/tt1118084/
1868 - http://www.imdb.com/title/tt1210796/
1869 - http://www.imdb.com/title/tt1220873/
1870 - http://www.imdb.com/title/tt1226334/
1871 - http://www.imdb.com/title/tt1247673/
1872 - http://www.imdb.com/title/tt1265596/
1873 - http://www.imdb.com/title/tt1289396/
1874 - http://www.imdb.com/title/tt1327819/
1875 - http://www.imdb.com/title/tt1433811/?ref_=fn_al_tt_1
1876 - http://www.imdb.com/title/tt1518211/
1877 - http://www.imdb.com/title/tt1560139/
1878 - http://www.imdb.com/title/tt1585650/
1879 - http://www.imdb.com/title/tt1591622/
1880 - http://www.imdb.com/title/tt1630239/
1881 - http://www.imdb.com/title/tt1687281/
1882 - http://www.imdb.com/title/tt1727388/
1883 - http://www.imdb.com/title/tt1935179/
1884 - http://www.imdb.com/title/tt1935179/?ref_=fn_al_tt_1
1885 - http://www.imdb.com/title/tt2170299/
1886 - http://www.imdb.com/title/tt2668800/
1887 - http://www.imdb.com/title/tt3360038/
1888 - http://www.imdb.com/title/tt3898028/
1889 - http://www.indiana.edu/~kinsey/
1890 - http://www.indymedia.org.uk/en/regions/manchester/2010/09/462538.html
1891 - http://www.ipce.info/host/radicase/preface.htm
1892 - http://www.ipce.info/host/wilson/
1893 - http://www.ipce.info/host/wilson/index.htm
1894 - http://www.ipce.info/library_3/files/davidson.htm
1895 - http://www.ipce.info/library_3/files/hysteria.htm
1896 - http://www.ipce.info/library_3/files/laws/06apr19_crary.htm
1897 - http://www.ipce.info/library_3/files/laws/06jul21_bill_national_list.htm
1898 - http://www.ipce.info/library_3/files/laws/06jun30_scared.htm
1899 - http://www.ipt-forensics.com/
1900 - http://www.ipt-forensics.com/journal/
1901 - http://www.ipt-forensics.com/journal/volume4/j4_2_1.htm
1902 - http://www.isacelliot.com/
1903 - http://www.jacksonguthy.com/
1904 - http://www.jacktuttle.com/tuttlekids.html
1905 - http://www.jackvidgen.com/
1906 - http://www.jamie-williams.com/
1907 - http://www.jessekinch.com/
1908 - http://www.jimi-blue.de/neues/index.php
1909 - http://www.jmms.lv/boyschoir/?set_lang=en
1910 - http://www.jongensforum.net/
1911 - http://www.jongensforum.net/meta/
1912 - http://www.jordanjansen.com/
1913 - http://www.josephmcmanners.com/
1914 - http://www.joshhutcherson.com/
1915 - http://www.jsonline.com/story/index.aspx?id=651629
1916 - http://www.junioreurovision.tv/
1917 - http://www.justinbiebermusic.com/
1918 - http://www.kidactors.com/
1919 - http://www.kidactors.com/haley/default.asp
1920 - http://www.kidsmusic.net.ru/
1921 - http://www.kidswhorip.com/
1922 - http://www.kinderfilm-online.de/
1923 - http://www.knabenchor.de/
1924 - http://www.knabenkantorei.ch/
1925 - http://www.lancekerwin.homestead.com/
1926 - http://www.latimes.com/news/local/la-me-sex-offenders-20101105,0,6413324.story
1927 - http://www.libera.org.uk
1928 - http://www.lifesite.net/ldn/2007/jul/07073008.html
1929 - http://www.liveleak.com/view?i=564_1300823999
1930 - http://www.lorettalux.de/
1931 - http://www.loveandliberation.info/
1932 - http://www.lulu.com/content/4728386
1933 - http://www.manchestereveningnews.co.uk/news/technology/s/219/219941_software_helps_perverts_escape_justice.html
1934 - http://www.maniacworld.com/kid-sings-for-mom.html
1935 - http://www.marlonbaker.com/buecher/comics/a-little-boys-dream.html
1936 - http://www.mentoring.org/
1937 - http://www.metacafe.com/watch/101941/is_my_son_gay/
1938 - http://www.metacafe.com/watch/78308/ronaldinho_teaches_soccer_tricks/
1939 - http://www.mhamic.org/
1940 - http://www.mhamic.org/intro/introduction_print.htm
1941 - http://www.michaelangarano.net/photos/sb/default.htm
1942 - http://www.michaelbannett.com/
1943 - http://www.mirror.co.uk/news/tm_objectid=17302617&method=full&siteid=94762&headline=paedo-hol-ban--name_page.html
1944 - http://www.mmkaylor.com/
1945 - http://www.moichlopcy.pl/
1946 - http://www.monsterchildren.com/42377/the-helmets/
1947 - http://www.motherjones.com/news/feature/1996/07/levine.html
1948 - http://www.mylesjeffrey.com/
1949 - http://www.myspace.com/colecitrenbaum
1950 - http://www.myspace.com/deadletterdiaries
1951 - http://www.myspace.com/theflairz
1952 - http://www.myspace.com/thetheoryof6degrees
1953 - http://www.myspace.com/xink
1954 - http://www.nbcnewyork.com/news/local/Sex-Offender-Video-Game-Ban-Operation-Game-Over-NY-146323895.html
1955 - http://www.ncrj.org/
1956 - http://www.news.com.au/breaking-news/world/all-internet-porn-will-be-blocked-to-protect-children-under-uk-government-plan/story-e6frfkui-1225973481287
1957 - http://www.news.com.au/world/cops-bust-seven-men-playing-chess-in-upper-manhattan-park/story-e6frfkyi-1225956380377
1958 - http://www.newstatesman.com/society/2008/06/vetting-adults-scheme-children
1959 - http://www.nidarosdomensguttekor.no/
1960 - http://www.nifty.org/
1961 - http://www.nj.com/mercer/index.ssf/2010/07/going_global_-_house_advances.html
1962 - http://www.normalboys.com/
1963 - http://www.nytimes.com/2007/07/22/magazine/22juvenile-t.html?_r=1&ex=1185681600&en=196c9dda9dd0ed5c&ei=5099&partner=TOPIXNEWS&pagewanted=print&oref=slogin
1964 - http://www.nytimes.com/2007/08/03/us/03homeless.html?_r=3&adxnnl=1&oref=slogin&pagewanted=print&adxnnlx=1197799412-hMVRXO6UsGfSUlOB8U5dPg
1965 - http://www.nytimes.com/2010/05/22/nyregion/22judge.html?_r=1
1966 - http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1&pagewanted=all
1967 - http://www.nzherald.co.nz/section/story.cfm?c_id=1&ObjectID=10391771
1968 - http://www.olimali.cz
1969 - http://www.opsi.gov.uk/RevisedStatutes/Acts/ukpga/1978/cukpga_19780037_en_1
1970 - http://www.paboychoir.org/
1971 - http://www.pacificboychoir.org/
1972 - http://www.paddedroom.us/
2328 Total external links: 1234
2329
2330+ Email addresses found:
2331 Total email address found: 0
2332
2333+ Directories found:
2334 Total directories: 0
2335
2336+ Directory indexing found:
2337 Total directories with indexing: 0
2338
2339----------------------------------------------------------------------
2340
2341
2342 + URL to crawl: https://www.boylinks.net.
2343 + Date: 2019-10-24
2344
2345 + Crawling URL: https://www.boylinks.net.:
2346 + Links:
2347 + Crawling https://www.boylinks.net.
2348 + Searching for directories...
2349 + Searching open folders...
2350
2351--Finished--
2352Summary information for domain boylinks.net.
2353-----------------------------------------
2354 Domain Specific Information:
2355 Email: submissions@boylinks.net.
2356
2357 Domain Ips Information:
2358 IP: 82.94.222.132
2359 HostName: www.boylinks.net. Type: A
2360 Country: Netherlands
2361 Is Active: True (reset ttl 64)
2362 Port: 80/tcp open http syn-ack ttl 57 nginx
2363 Script Info: |_http-favicon: Unknown favicon MD5: 103A99152A03E4792CD8BC15B8E3DD5F
2364 Script Info: | http-methods:
2365 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2366 Script Info: | http-robots.txt: 3 disallowed entries
2367 Script Info: |_/personalsites_pictures.html /nudity.html /cgi/
2368 Script Info: |_http-title: BoyLinks
2369 Port: 443/tcp open ssl/http syn-ack ttl 57 nginx
2370 Script Info: |_http-favicon: Unknown favicon MD5: 103A99152A03E4792CD8BC15B8E3DD5F
2371 Script Info: | http-methods:
2372 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
2373 Script Info: | http-robots.txt: 3 disallowed entries
2374 Script Info: |_/personalsites_pictures.html /nudity.html /cgi/
2375 Script Info: |_http-title: 400 The plain HTTP request was sent to HTTPS port
2376 Script Info: | ssl-cert: Subject: commonName=boylinks.net
2377 Script Info: | Subject Alternative Name: DNS:boylinks.net, DNS:boylinks.org, DNS:www.boylinks.net, DNS:www.boylinks.org
2378 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
2379 Script Info: | Public Key type: rsa
2380 Script Info: | Public Key bits: 2048
2381 Script Info: | Signature Algorithm: sha256WithRSAEncryption
2382 Script Info: | Not valid before: 2019-08-03T23:07:57
2383 Script Info: | Not valid after: 2019-11-01T23:07:57
2384 Script Info: | MD5: 8394 0a75 0c33 e508 777f b354 1e52 17d6
2385 Script Info: |_SHA-1: d7d1 b3a8 df84 dad5 ce54 cdae b153 2f7e 6e23 a790
2386 Port: 993/tcp open ssl/imaps? syn-ack ttl 57
2387 Script Info: |_ssl-date: TLS randomness does not represent time
2388 Script Info: Device type: general purpose|storage-misc|broadband router|WAP|phone
2389 Script Info: Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (94%), HP embedded (91%), Asus embedded (88%), Google Android 4.X (87%)
2390 IP: 79.124.7.219
2391 HostName: box.isp-email.net Type: MX
2392 HostName: box.isp-email.net Type: PTR
2393 Country: Bulgaria
2394 Is Active: True (reset ttl 64)
2395###################################################################################################
2396Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 12:55 EDT
2397Nmap scan report for 82.94.222.132
2398Host is up (0.16s latency).
2399Not shown: 987 filtered ports, 10 closed ports
2400Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https
993/tcp open imaps
2405
2406Nmap done: 1 IP address (1 host up) scanned in 15.58 seconds
2407###################################################################################################
2408Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 12:55 EDT
2409Nmap scan report for 82.94.222.132
2410Host is up (0.23s latency).
2411Not shown: 2 closed ports, 2 filtered ports
PORT STATE SERVICE
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp open|filtered route
2049/udp open|filtered nfs
2424
2425Nmap done: 1 IP address (1 host up) scanned in 2.86 seconds
2426######################################################################################################
2427HTTP/1.1 403 Forbidden
2428Server: nginx
2429Date: Thu, 24 Oct 2019 16:55:58 GMT
2430Content-Type: text/html
2431Content-Length: 162
2432Connection: keep-alive
2433###################################################################################################
2434wig - WebApp Information Gatherer
2435
2436
2437Scanning http://82.94.222.132...
2438____________________ SITE INFO _____________________
2439IP Title
244082.94.222.132 BoyLinks
2441
2442_____________________ VERSION ______________________
2443Name Versions Type
2444nginx Platform
2445
2446___________________ INTERESTING ____________________
2447URL Note Type
2448/robots.txt robots.txt index Interesting
2449
2450____________________________________________________
2451Time: 0.7 sec Urls: 601 Fingerprints: 40401
2452###################################################################################################
2453Version: 1.11.13-static
2454OpenSSL 1.0.2-chacha (1.0.2g-dev)
2455
2456Connected to 82.94.222.132
2457
2458Testing SSL server 82.94.222.132 on port 443 using SNI name 82.94.222.132
2459
2460 TLS Fallback SCSV:
2461Server supports TLS Fallback SCSV
2462
2463 TLS renegotiation:
2464Secure session renegotiation supported
2465
2466 TLS Compression:
2467Compression disabled
2468
2469 Heartbleed:
2470TLS 1.2 not vulnerable to heartbleed
2471TLS 1.1 not vulnerable to heartbleed
2472TLS 1.0 not vulnerable to heartbleed
2473
2474 Supported Server Cipher(s):
2475Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
2476Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
2477Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
2478Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2479Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2480Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2481
2482 SSL Certificate:
2483Signature Algorithm: sha256WithRSAEncryption
2484RSA Key Strength: 2048
2485
2486Subject: boylinks.net
2487Altnames: DNS:boylinks.net, DNS:boylinks.org, DNS:www.boylinks.net, DNS:www.boylinks.org
2488Issuer: Let's Encrypt Authority X3
2489
2490Not valid before: Aug 3 23:07:57 2019 GMT
2491Not valid after: Nov 1 23:07:57 2019 GMT
2492###################################################################################################
2493+----------------------------+---------------------------------------------+------------------------------------------------+----------+----------+
2494| App Name | URL to Application | Potential Exploit | Username | Password |
2495+----------------------------+---------------------------------------------+------------------------------------------------+----------+----------+
2496| Linksys WRT54GL | http://82.94.222.132:80/apply.cgi | ./auxiliary/admin/http/linksys_wrt54gl_exec.rb | | |
2497| Plixer Scrutinizer NetFlow | https://82.94.222.132:443/cgi-bin/admin.cgi | ./auxiliary/admin/http/scrutinizer_add_user.rb | | |
2498+----------------------------+---------------------------------------------+------------------------------------------------+----------+----------+
2499##################################################################################################
2500Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 13:01 EDT
2501NSE: Loaded 47 scripts for scanning.
2502NSE: Script Pre-scanning.
2503Initiating NSE at 13:01
2504Completed NSE at 13:01, 0.00s elapsed
2505Initiating NSE at 13:01
2506Completed NSE at 13:01, 0.00s elapsed
2507Initiating Ping Scan at 13:01
2508Scanning 82.94.222.132 [4 ports]
2509Completed Ping Scan at 13:01, 0.15s elapsed (1 total hosts)
2510Initiating Parallel DNS resolution of 1 host. at 13:01
2511Completed Parallel DNS resolution of 1 host. at 13:01, 0.02s elapsed
2512Initiating SYN Stealth Scan at 13:01
2513Scanning 82.94.222.132 [65535 ports]
2514Discovered open port 443/tcp on 82.94.222.132
2515Discovered open port 80/tcp on 82.94.222.132
2516Discovered open port 993/tcp on 82.94.222.132
2517SYN Stealth Scan Timing: About 4.98% done; ETC: 13:11 (0:09:52 remaining)
2518Discovered open port 7152/tcp on 82.94.222.132
2519SYN Stealth Scan Timing: About 16.24% done; ETC: 13:07 (0:05:15 remaining)
2520SYN Stealth Scan Timing: About 29.75% done; ETC: 13:06 (0:03:35 remaining)
2521Discovered open port 7173/tcp on 82.94.222.132
2522Discovered open port 7163/tcp on 82.94.222.132
2523SYN Stealth Scan Timing: About 42.22% done; ETC: 13:05 (0:02:46 remaining)
2524SYN Stealth Scan Timing: About 53.69% done; ETC: 13:05 (0:02:10 remaining)
2525SYN Stealth Scan Timing: About 67.39% done; ETC: 13:05 (0:01:28 remaining)
2526SYN Stealth Scan Timing: About 51.78% done; ETC: 13:07 (0:03:16 remaining)
2527SYN Stealth Scan Timing: About 59.52% done; ETC: 13:07 (0:02:44 remaining)
2528SYN Stealth Scan Timing: About 68.86% done; ETC: 13:07 (0:02:03 remaining)
2529Discovered open port 7153/tcp on 82.94.222.132
2530SYN Stealth Scan Timing: About 79.05% done; ETC: 13:07 (0:01:20 remaining)
2531SYN Stealth Scan Timing: About 86.40% done; ETC: 13:07 (0:00:52 remaining)
2532Completed SYN Stealth Scan at 13:07, 378.91s elapsed (65535 total ports)
2533Initiating Service scan at 13:07
2534Scanning 7 services on 82.94.222.132
2535Completed Service scan at 13:07, 24.68s elapsed (7 services on 1 host)
2536Initiating OS detection (try #1) against 82.94.222.132
2537Retrying OS detection (try #2) against 82.94.222.132
2538Initiating Traceroute at 13:07
2539Completed Traceroute at 13:07, 0.30s elapsed
2540Initiating Parallel DNS resolution of 8 hosts. at 13:07
2541Completed Parallel DNS resolution of 8 hosts. at 13:08, 0.35s elapsed
2542NSE: Script scanning 82.94.222.132.
2543Initiating NSE at 13:08
2544Completed NSE at 13:08, 15.44s elapsed
2545Initiating NSE at 13:08
2546Completed NSE at 13:08, 2.58s elapsed
2547Nmap scan report for 82.94.222.132
2548Host is up (0.13s latency).
2549Not shown: 65512 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
53/tcp closed domain
80/tcp open http nginx
2554| vulscan: VulDB - https://vuldb.com:
2555| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2556| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2557| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2558| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2559| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2560| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2561| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2562| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2563| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2564| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2565| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2566| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2567| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2568| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2569| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2570| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2571| [67677] nginx up to 1.7.3 SSL weak authentication
2572| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2573| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2574| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2575| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2576| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2577| [8671] nginx up to 1.4 proxy_pass denial of service
2578| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2579| [7247] nginx 1.2.6 Proxy Function spoofing
2580| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2581| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2582| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2583| [59645] nginx up to 0.8.9 Heap-based memory corruption
2584| [53592] nginx 0.8.36 memory corruption
2585| [53590] nginx up to 0.8.9 unknown vulnerability
2586| [51533] nginx 0.7.64 Terminal privilege escalation
2587| [50905] nginx up to 0.8.9 directory traversal
2588| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2589| [50043] nginx up to 0.8.10 memory corruption
2590|
2591| MITRE CVE - https://cve.mitre.org:
2592| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2593| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2594| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2595| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2596| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2597| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2598| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2599| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2600| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2601| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2602| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2603| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2604| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2605|
2606| SecurityFocus - https://www.securityfocus.com/bid/:
2607| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2608| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2609| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2610| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2611| [82230] nginx Multiple Denial of Service Vulnerabilities
2612| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2613| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2614| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2615| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2616| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2617| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2618| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2619| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2620| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2621| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2622| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2623| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2624| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2625| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2626| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2627| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2628| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2629| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2630| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2631| [40420] nginx Directory Traversal Vulnerability
2632| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2633| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2634| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2635| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2636| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2637|
2638| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2639| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2640| [84172] nginx denial of service
2641| [84048] nginx buffer overflow
2642| [83923] nginx ngx_http_close_connection() integer overflow
2643| [83688] nginx null byte code execution
2644| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2645| [82319] nginx access.log information disclosure
2646| [80952] nginx SSL spoofing
2647| [77244] nginx and Microsoft Windows request security bypass
2648| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2649| [74831] nginx ngx_http_mp4_module.c buffer overflow
2650| [74191] nginx ngx_cpystrn() information disclosure
2651| [74045] nginx header response information disclosure
2652| [71355] nginx ngx_resolver_copy() buffer overflow
2653| [59370] nginx characters denial of service
2654| [59369] nginx DATA source code disclosure
2655| [59047] nginx space source code disclosure
2656| [58966] nginx unspecified directory traversal
2657| [54025] nginx ngx_http_parse.c denial of service
2658| [53431] nginx WebDAV component directory traversal
2659| [53328] Nginx CRC-32 cached domain name spoofing
2660| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2661|
2662| Exploit-DB - https://www.exploit-db.com:
2663| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2664| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2665| [25499] nginx 1.3.9-1.4.0 DoS PoC
2666| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2667| [14830] nginx 0.6.38 - Heap Corruption Exploit
2668| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2669| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2670| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2671| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2672| [9829] nginx 0.7.61 WebDAV directory traversal
2673|
2674| OpenVAS (Nessus) - http://www.openvas.org:
2675| [864418] Fedora Update for nginx FEDORA-2012-3846
2676| [864310] Fedora Update for nginx FEDORA-2012-6238
2677| [864209] Fedora Update for nginx FEDORA-2012-6411
2678| [864204] Fedora Update for nginx FEDORA-2012-6371
2679| [864121] Fedora Update for nginx FEDORA-2012-4006
2680| [864115] Fedora Update for nginx FEDORA-2012-3991
2681| [864065] Fedora Update for nginx FEDORA-2011-16075
2682| [863654] Fedora Update for nginx FEDORA-2011-16110
2683| [861232] Fedora Update for nginx FEDORA-2007-1158
2684| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2685| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2686| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2687| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2688| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2689| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2690| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2691| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2692| [100659] nginx Directory Traversal Vulnerability
2693| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2694| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2695| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2696| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2697| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2698| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2699| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2700| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2701| [71297] FreeBSD Ports: nginx
2702| [71276] FreeBSD Ports: nginx
2703| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2704| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2705| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2706| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2707| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2708| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2709| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2710| [64894] FreeBSD Ports: nginx
2711| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2712|
2713| SecurityTracker - https://www.securitytracker.com:
2714| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2715| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2716| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2717| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2718|
2719| OSVDB - http://www.osvdb.org:
2720| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2721| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2722| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2723| [92796] nginx ngx_http_close_connection Function Crafted r->
2724| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2725| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2726| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2727| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2728| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2729| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2730| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2731| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2732| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2733| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2734| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2735| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2736| [62617] nginx Internal DNS Cache Poisoning Weakness
2737| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2738| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2739| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2740| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2741| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2742| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2743| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2744| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2745| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2746| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2747|_
113/tcp closed ident
139/tcp closed netbios-ssn
220/tcp closed imap3
443/tcp open ssl/http nginx
2752| vulscan: VulDB - https://vuldb.com:
2753| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2754| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2755| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2756| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2757| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2758| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2759| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2760| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2761| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2762| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2763| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2764| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2765| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2766| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2767| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2768| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2769| [67677] nginx up to 1.7.3 SSL weak authentication
2770| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2771| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2772| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2773| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2774| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2775| [8671] nginx up to 1.4 proxy_pass denial of service
2776| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2777| [7247] nginx 1.2.6 Proxy Function spoofing
2778| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2779| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2780| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2781| [59645] nginx up to 0.8.9 Heap-based memory corruption
2782| [53592] nginx 0.8.36 memory corruption
2783| [53590] nginx up to 0.8.9 unknown vulnerability
2784| [51533] nginx 0.7.64 Terminal privilege escalation
2785| [50905] nginx up to 0.8.9 directory traversal
2786| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2787| [50043] nginx up to 0.8.10 memory corruption
2788|
2789| MITRE CVE - https://cve.mitre.org:
2790| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2791| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2792| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2793| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2794| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2795| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2796| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2797| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2798| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
2799| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
2800| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
2801| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
2802| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
2803|
2804| SecurityFocus - https://www.securityfocus.com/bid/:
2805| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
2806| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
2807| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
2808| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
2809| [82230] nginx Multiple Denial of Service Vulnerabilities
2810| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
2811| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
2812| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
2813| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
2814| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
2815| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
2816| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
2817| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
2818| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
2819| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
2820| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
2821| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
2822| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
2823| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
2824| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2825| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2826| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2827| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2828| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
2829| [40420] nginx Directory Traversal Vulnerability
2830| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2831| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2832| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2833| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2834| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
2835|
2836| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2837| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
2838| [84172] nginx denial of service
2839| [84048] nginx buffer overflow
2840| [83923] nginx ngx_http_close_connection() integer overflow
2841| [83688] nginx null byte code execution
2842| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
2843| [82319] nginx access.log information disclosure
2844| [80952] nginx SSL spoofing
2845| [77244] nginx and Microsoft Windows request security bypass
2846| [76778] Naxsi module for Nginx nx_extract.py directory traversal
2847| [74831] nginx ngx_http_mp4_module.c buffer overflow
2848| [74191] nginx ngx_cpystrn() information disclosure
2849| [74045] nginx header response information disclosure
2850| [71355] nginx ngx_resolver_copy() buffer overflow
2851| [59370] nginx characters denial of service
2852| [59369] nginx DATA source code disclosure
2853| [59047] nginx space source code disclosure
2854| [58966] nginx unspecified directory traversal
2855| [54025] nginx ngx_http_parse.c denial of service
2856| [53431] nginx WebDAV component directory traversal
2857| [53328] Nginx CRC-32 cached domain name spoofing
2858| [53250] Nginx ngx_http_parse_complex_uri() function code execution
2859|
2860| Exploit-DB - https://www.exploit-db.com:
2861| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
2862| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2863| [25499] nginx 1.3.9-1.4.0 DoS PoC
2864| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
2865| [14830] nginx 0.6.38 - Heap Corruption Exploit
2866| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
2867| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
2868| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
2869| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
2870| [9829] nginx 0.7.61 WebDAV directory traversal
2871|
2872| OpenVAS (Nessus) - http://www.openvas.org:
2873| [864418] Fedora Update for nginx FEDORA-2012-3846
2874| [864310] Fedora Update for nginx FEDORA-2012-6238
2875| [864209] Fedora Update for nginx FEDORA-2012-6411
2876| [864204] Fedora Update for nginx FEDORA-2012-6371
2877| [864121] Fedora Update for nginx FEDORA-2012-4006
2878| [864115] Fedora Update for nginx FEDORA-2012-3991
2879| [864065] Fedora Update for nginx FEDORA-2011-16075
2880| [863654] Fedora Update for nginx FEDORA-2011-16110
2881| [861232] Fedora Update for nginx FEDORA-2007-1158
2882| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
2883| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
2884| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
2885| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
2886| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
2887| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
2888| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
2889| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
2890| [100659] nginx Directory Traversal Vulnerability
2891| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
2892| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
2893| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
2894| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
2895| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
2896| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
2897| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
2898| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
2899| [71297] FreeBSD Ports: nginx
2900| [71276] FreeBSD Ports: nginx
2901| [71239] Debian Security Advisory DSA 2434-1 (nginx)
2902| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
2903| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
2904| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
2905| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
2906| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
2907| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
2908| [64894] FreeBSD Ports: nginx
2909| [64869] Debian Security Advisory DSA 1884-1 (nginx)
2910|
2911| SecurityTracker - https://www.securitytracker.com:
2912| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
2913| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
2914| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
2915| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
2916|
2917| OSVDB - http://www.osvdb.org:
2918| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
2919| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
2920| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
2921| [92796] nginx ngx_http_close_connection Function Crafted r->
2922| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
2923| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
2924| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
2925| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
2926| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
2927| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
2928| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
2929| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
2930| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
2931| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
2932| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
2933| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
2934| [62617] nginx Internal DNS Cache Poisoning Weakness
2935| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
2936| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
2937| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
2938| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
2939| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
2940| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
2941| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
2942| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
2943| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
2944| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
2945|_
445/tcp closed microsoft-ds
587/tcp closed submission
993/tcp open ssl/imaps?
995/tcp closed pop3s
5151/tcp closed esri_sde
5153/tcp closed toruxserver
7152/tcp open ssl/http nginx
2953| vulscan: VulDB - https://vuldb.com:
2954| [133852] Sangfor Sundray WLAN Controller up to 3.7.4.2 Cookie Header nginx_webconsole.php Code Execution
2955| [132132] SoftNAS Cloud 4.2.0/4.2.1 Nginx privilege escalation
2956| [131858] Puppet Discovery up to 1.3.x Nginx Container weak authentication
2957| [130644] Nginx Unit up to 1.7.0 Router Process Request Heap-based memory corruption
2958| [127759] VeryNginx 0.3.3 Web Application Firewall privilege escalation
2959| [126525] nginx up to 1.14.0/1.15.5 ngx_http_mp4_module Loop denial of service
2960| [126524] nginx up to 1.14.0/1.15.5 HTTP2 CPU Exhaustion denial of service
2961| [126523] nginx up to 1.14.0/1.15.5 HTTP2 Memory Consumption denial of service
2962| [119845] Pivotal Operations Manager up to 2.0.13/2.1.5 Nginx privilege escalation
2963| [114368] SuSE Portus 2.3 Nginx Certificate weak authentication
2964| [103517] nginx up to 1.13.2 Range Filter Request Integer Overflow memory corruption
2965| [89849] nginx RFC 3875 Namespace Conflict Environment Variable Open Redirect
2966| [87719] nginx up to 1.11.0 ngx_files.c ngx_chain_to_iovec denial of service
2967| [80760] nginx 0.6.18/1.9.9 DNS CNAME Record Crash denial of service
2968| [80759] nginx 0.6.18/1.9.9 DNS CNAME Record Use-After-Free denial of service
2969| [80758] nginx 0.6.18/1.9.9 DNS UDP Packet Crash denial of service
2970| [67677] nginx up to 1.7.3 SSL weak authentication
2971| [67296] nginx up to 1.7.3 SMTP Proxy ngx_mail_smtp_starttls privilege escalation
2972| [12822] nginx up to 1.5.11 SPDY SPDY Request Heap-based memory corruption
2973| [12824] nginx 1.5.10 on 32-bit SPDY memory corruption
2974| [11237] nginx up to 1.5.6 URI String Bypass privilege escalation
2975| [65364] nginx up to 1.1.13 Default Configuration information disclosure
2976| [8671] nginx up to 1.4 proxy_pass denial of service
2977| [8618] nginx 1.3.9/1.4.0 http/ngx_http_parse.c ngx_http_parse_chunked() memory corruption
2978| [7247] nginx 1.2.6 Proxy Function spoofing
2979| [61434] nginx 1.2.0/1.3.0 on Windows Access Restriction privilege escalation
2980| [5293] nginx up to 1.1.18 ngx_http_mp4_module MP4 File memory corruption
2981| [4843] nginx up to 1.0.13/1.1.16 HTTP Header Response Parser ngx_http_parse.c information disclosure
2982| [59645] nginx up to 0.8.9 Heap-based memory corruption
2983| [53592] nginx 0.8.36 memory corruption
2984| [53590] nginx up to 0.8.9 unknown vulnerability
2985| [51533] nginx 0.7.64 Terminal privilege escalation
2986| [50905] nginx up to 0.8.9 directory traversal
2987| [50903] nginx up to 0.8.10 NULL Pointer Dereference denial of service
2988| [50043] nginx up to 0.8.10 memory corruption
2989|
2990| MITRE CVE - https://cve.mitre.org:
2991| [CVE-2013-2070] http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service (crash) and obtain sensitive information from worker process memory via a crafted proxy response, a similar vulnerability to CVE-2013-2028.
2992| [CVE-2013-2028] The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
2993| [CVE-2012-3380] Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.
2994| [CVE-2012-2089] Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.
2995| [CVE-2012-1180] Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.
2996| [CVE-2011-4963] nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$index_allocation" sequences in a request.
2997| [CVE-2011-4315] Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.
2998| [CVE-2010-2266] nginx 0.8.36 allows remote attackers to cause a denial of service (crash) via certain encoded directory traversal sequences that trigger memory corruption, as demonstrated using the "%c0.%c0." sequence.
2999| [CVE-2010-2263] nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on Windows, allows remote attackers to obtain source code or unparsed content of arbitrary files under the web document root by appending ::$DATA to the URI.
3000| [CVE-2009-4487] nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
3001| [CVE-2009-3898] Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
3002| [CVE-2009-3896] src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.
3003| [CVE-2009-2629] Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.
3004|
3005| SecurityFocus - https://www.securityfocus.com/bid/:
3006| [99534] Nginx CVE-2017-7529 Remote Integer Overflow Vulnerability
3007| [93903] Nginx CVE-2016-1247 Remote Privilege Escalation Vulnerability
3008| [91819] Nginx CVE-2016-1000105 Security Bypass Vulnerability
3009| [90967] nginx CVE-2016-4450 Denial of Service Vulnerability
3010| [82230] nginx Multiple Denial of Service Vulnerabilities
3011| [78928] Nginx CVE-2010-2266 Denial-Of-Service Vulnerability
3012| [70025] nginx CVE-2014-3616 SSL Session Fixation Vulnerability
3013| [69111] nginx SMTP Proxy Remote Command Injection Vulnerability
3014| [67507] nginx SPDY Implementation CVE-2014-0088 Arbitrary Code Execution Vulnerability
3015| [66537] nginx SPDY Implementation Heap Based Buffer Overflow Vulnerability
3016| [63814] nginx CVE-2013-4547 URI Processing Security Bypass Vulnerability
3017| [59824] Nginx CVE-2013-2070 Remote Security Vulnerability
3018| [59699] nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
3019| [59496] nginx 'ngx_http_close_connection()' Remote Integer Overflow Vulnerability
3020| [59323] nginx NULL-Byte Arbitrary Code Execution Vulnerability
3021| [58105] Nginx 'access.log' Insecure File Permissions Vulnerability
3022| [57139] nginx CVE-2011-4968 Man in The Middle Vulnerability
3023| [55920] nginx CVE-2011-4963 Security Bypass Vulnerability
3024| [54331] Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
3025| [52999] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3026| [52578] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3027| [50710] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3028| [40760] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3029| [40434] nginx Space String Remote Source Code Disclosure Vulnerability
3030| [40420] nginx Directory Traversal Vulnerability
3031| [37711] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3032| [36839] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3033| [36490] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3034| [36438] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3035| [36384] nginx HTTP Request Remote Buffer Overflow Vulnerability
3036|
3037| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3038| [84623] Phusion Passenger gem for Ruby with nginx configuration insecure permissions
3039| [84172] nginx denial of service
3040| [84048] nginx buffer overflow
3041| [83923] nginx ngx_http_close_connection() integer overflow
3042| [83688] nginx null byte code execution
3043| [83103] Naxsi module for Nginx naxsi_unescape_uri() function security bypass
3044| [82319] nginx access.log information disclosure
3045| [80952] nginx SSL spoofing
3046| [77244] nginx and Microsoft Windows request security bypass
3047| [76778] Naxsi module for Nginx nx_extract.py directory traversal
3048| [74831] nginx ngx_http_mp4_module.c buffer overflow
3049| [74191] nginx ngx_cpystrn() information disclosure
3050| [74045] nginx header response information disclosure
3051| [71355] nginx ngx_resolver_copy() buffer overflow
3052| [59370] nginx characters denial of service
3053| [59369] nginx DATA source code disclosure
3054| [59047] nginx space source code disclosure
3055| [58966] nginx unspecified directory traversal
3056| [54025] nginx ngx_http_parse.c denial of service
3057| [53431] nginx WebDAV component directory traversal
3058| [53328] Nginx CRC-32 cached domain name spoofing
3059| [53250] Nginx ngx_http_parse_complex_uri() function code execution
3060|
3061| Exploit-DB - https://www.exploit-db.com:
3062| [26737] nginx 1.3.9/1.4.0 x86 Brute Force Remote Exploit
3063| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
3064| [25499] nginx 1.3.9-1.4.0 DoS PoC
3065| [24967] nginx 0.6.x Arbitrary Code Execution NullByte Injection
3066| [14830] nginx 0.6.38 - Heap Corruption Exploit
3067| [13822] Nginx <= 0.7.65 / 0.8.39 (dev) Source Disclosure / Download Vulnerability
3068| [13818] Nginx 0.8.36 Source Disclosure and DoS Vulnerabilities
3069| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3070| [9901] nginx 0.7.0-0.7.61, 0.6.0-0.6.38, 0.5.0-0.5.37, 0.4.0-0.4.14 PoC
3071| [9829] nginx 0.7.61 WebDAV directory traversal
3072|
3073| OpenVAS (Nessus) - http://www.openvas.org:
3074| [864418] Fedora Update for nginx FEDORA-2012-3846
3075| [864310] Fedora Update for nginx FEDORA-2012-6238
3076| [864209] Fedora Update for nginx FEDORA-2012-6411
3077| [864204] Fedora Update for nginx FEDORA-2012-6371
3078| [864121] Fedora Update for nginx FEDORA-2012-4006
3079| [864115] Fedora Update for nginx FEDORA-2012-3991
3080| [864065] Fedora Update for nginx FEDORA-2011-16075
3081| [863654] Fedora Update for nginx FEDORA-2011-16110
3082| [861232] Fedora Update for nginx FEDORA-2007-1158
3083| [850180] SuSE Update for nginx openSUSE-SU-2012:0237-1 (nginx)
3084| [831680] Mandriva Update for nginx MDVSA-2012:043 (nginx)
3085| [802045] 64-bit Debian Linux Rootkit with nginx Doing iFrame Injection
3086| [801636] nginx HTTP Request Remote Buffer Overflow Vulnerability
3087| [103470] nginx 'ngx_http_mp4_module.c' Buffer Overflow Vulnerability
3088| [103469] nginx 'ngx_cpystrn()' Information Disclosure Vulnerability
3089| [103344] nginx DNS Resolver Remote Heap Buffer Overflow Vulnerability
3090| [100676] nginx Remote Source Code Disclosure and Denial of Service Vulnerabilities
3091| [100659] nginx Directory Traversal Vulnerability
3092| [100658] nginx Space String Remote Source Code Disclosure Vulnerability
3093| [100441] nginx Terminal Escape Sequence in Logs Command Injection Vulnerability
3094| [100321] nginx 'ngx_http_process_request_headers()' Remote Buffer Overflow Vulnerability
3095| [100277] nginx Proxy DNS Cache Domain Spoofing Vulnerability
3096| [100276] nginx HTTP Request Remote Buffer Overflow Vulnerability
3097| [100275] nginx WebDAV Multiple Directory Traversal Vulnerabilities
3098| [71574] Gentoo Security Advisory GLSA 201206-07 (nginx)
3099| [71308] Gentoo Security Advisory GLSA 201203-22 (nginx)
3100| [71297] FreeBSD Ports: nginx
3101| [71276] FreeBSD Ports: nginx
3102| [71239] Debian Security Advisory DSA 2434-1 (nginx)
3103| [66451] Fedora Core 11 FEDORA-2009-12782 (nginx)
3104| [66450] Fedora Core 10 FEDORA-2009-12775 (nginx)
3105| [66449] Fedora Core 12 FEDORA-2009-12750 (nginx)
3106| [64924] Gentoo Security Advisory GLSA 200909-18 (nginx)
3107| [64912] Fedora Core 10 FEDORA-2009-9652 (nginx)
3108| [64911] Fedora Core 11 FEDORA-2009-9630 (nginx)
3109| [64894] FreeBSD Ports: nginx
3110| [64869] Debian Security Advisory DSA 1884-1 (nginx)
3111|
3112| SecurityTracker - https://www.securitytracker.com:
3113| [1028544] nginx Bug Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
3114| [1028519] nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
3115| [1026924] nginx Buffer Overflow in ngx_http_mp4_module Lets Remote Users Execute Arbitrary Code
3116| [1026827] nginx HTTP Response Processing Lets Remote Users Obtain Portions of Memory Contents
3117|
3118| OSVDB - http://www.osvdb.org:
3119| [94864] cPnginx Plugin for cPanel nginx Configuration Manipulation Arbitrary File Access
3120| [93282] nginx proxy_pass Crafted Upstream Proxied Server Response Handling Worker Process Memory Disclosure
3121| [93037] nginx /http/ngx_http_parse.c Worker Process Crafted Request Handling Remote Overflow
3122| [92796] nginx ngx_http_close_connection Function Crafted r->
3123| [92634] nginx ngx_http_request.h zero_in_uri URL Null Byte Handling Remote Code Execution
3124| [90518] nginx Log Directory Permission Weakness Local Information Disclosure
3125| [88910] nginx Proxy Functionality SSL Certificate Validation MitM Spoofing Weakness
3126| [84339] nginx/Windows Multiple Request Sequence Parsing Arbitrary File Access
3127| [83617] Naxsi Module for Nginx naxsi-ui/ nx_extract.py Traversal Arbitrary File Access
3128| [81339] nginx ngx_http_mp4_module Module Atom MP4 File Handling Remote Overflow
3129| [80124] nginx HTTP Header Response Parsing Freed Memory Information Disclosure
3130| [77184] nginx ngx_resolver.c ngx_resolver_copy() Function DNS Response Parsing Remote Overflow
3131| [65531] nginx on Windows URI ::$DATA Append Arbitrary File Access
3132| [65530] nginx Encoded Traversal Sequence Memory Corruption Remote DoS
3133| [65294] nginx on Windows Encoded Space Request Remote Source Disclosure
3134| [63136] nginx on Windows 8.3 Filename Alias Request Access Rules / Authentication Bypass
3135| [62617] nginx Internal DNS Cache Poisoning Weakness
3136| [61779] nginx HTTP Request Escape Sequence Terminal Command Injection
3137| [59278] nginx src/http/ngx_http_parse.c ngx_http_process_request_headers() Function URL Handling NULL Dereference DoS
3138| [58328] nginx WebDAV Multiple Method Traversal Arbitrary File Write
3139| [58128] nginx ngx_http_parse_complex_uri() Function Underflow
3140| [44447] nginx (engine x) msie_refresh Directive Unspecified XSS
3141| [44446] nginx (engine x) ssl_verify_client Directive HTTP/0.9 Protocol Bypass
3142| [44445] nginx (engine x) ngx_http_realip_module satisfy_any Directive Unspecified Access Bypass
3143| [44444] nginx (engine x) X-Accel-Redirect Header Unspecified Traversal
3144| [44443] nginx (engine x) rtsig Method Signal Queue Overflow
3145| [44442] nginx (engine x) Worker Process Millisecond Timers Unspecified Overflow
|_
7153/tcp open ssl/http Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
3150| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
3151| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
3152| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
3153| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
3154| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
3155| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
3156| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
3157| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
3158| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
3159| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
3160| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
3161| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
3162| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
3163| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
3164| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
3165| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
3166| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
3167| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
3168| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
3169| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
3170| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
3171| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
3172| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
3173| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
3174| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
3175| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
3176| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
3177| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
3178| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
3179| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
3180| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
3181| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
3182| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3183| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3184| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
3185| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
3186| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
3187| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
3188| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
3189| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
3190| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3191| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3192| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
3193| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
3194| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
3195| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3196| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3197| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
3198| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
3199| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3200| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3201| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
3202| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
3203| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
3204| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
3205| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
3206| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
3207| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
3208| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
3209| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
3210| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
3211| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3212| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3213| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
3214| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
3215| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3216| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
3217| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
3218| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
3219| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
3220| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
3221| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
3222| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
3223| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
3224| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
3225| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
3226| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
3227| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
3228| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
3229| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
3230| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
3231| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
3232| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
3233| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
3234| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
3235| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
3236| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
3237| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
3238| [136370] Apache Fineract up to 1.2.x sql injection
3239| [136369] Apache Fineract up to 1.2.x sql injection
3240| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
3241| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
3242| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
3243| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
3244| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
3245| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
3246| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
3247| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
3248| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
3249| [134416] Apache Sanselan 0.97-incubator Loop denial of service
3250| [134415] Apache Sanselan 0.97-incubator Hang denial of service
3251| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
3252| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
3253| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3254| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3255| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
3256| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
3257| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
3258| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
3259| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
3260| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
3261| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
3262| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
3263| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
3264| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
3265| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
3266| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
3267| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
3268| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
3269| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
3270| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
3271| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
3272| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
3273| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
3274| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
3275| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
3276| [131859] Apache Hadoop up to 2.9.1 privilege escalation
3277| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
3278| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
3279| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
3280| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
3281| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
3282| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
3283| [130629] Apache Guacamole Cookie Flag weak encryption
3284| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
3285| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
3286| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
3287| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
3288| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
3289| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
3290| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
3291| [130123] Apache Airflow up to 1.8.2 information disclosure
3292| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
3293| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
3294| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
3295| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
3296| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3297| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3298| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3299| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
3300| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
3301| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
3302| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
3303| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
3304| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3305| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
3306| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
3307| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
3308| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
3309| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
3310| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3311| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
3312| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3313| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
3314| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
3315| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
3316| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
3317| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
3318| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
3319| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
3320| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
3321| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
3322| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
3323| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
3324| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
3325| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
3326| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
3327| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
3328| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
3329| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
3330| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
3331| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
3332| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
3333| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
3334| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
3335| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
3336| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
3337| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
3338| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
3339| [127007] Apache Spark Request Code Execution
3340| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
3341| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
3342| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
3343| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
3344| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
3345| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
3346| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
3347| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
3348| [126346] Apache Tomcat Path privilege escalation
3349| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
3350| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
3351| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
3352| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
3353| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
3354| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
3355| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
3356| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
3357| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
3358| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
3359| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
3360| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
3361| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
3362| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
3363| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
3364| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
3365| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
3366| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
3367| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
3368| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
3369| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
3370| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
3371| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
3372| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
3373| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
3374| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
3375| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
3376| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
3377| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
3378| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
3379| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
3380| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
3381| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
3382| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
3383| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
3384| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
3385| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
3386| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
3387| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
3388| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
3389| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
3390| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
3391| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
3392| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
3393| [123197] Apache Sentry up to 2.0.0 privilege escalation
3394| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
3395| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
3396| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
3397| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
3398| [122800] Apache Spark 1.3.0 REST API weak authentication
3399| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
3400| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
3401| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
3402| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
3403| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
3404| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
3405| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
3406| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
3407| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
3408| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
3409| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
3410| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
3411| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
3412| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
3413| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
3414| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
3415| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
3416| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
3417| [121354] Apache CouchDB HTTP API Code Execution
3418| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
3419| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
3420| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
3421| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
3422| [120168] Apache CXF weak authentication
3423| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
3424| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
3425| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
3426| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
3427| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
3428| [119306] Apache MXNet Network Interface privilege escalation
3429| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
3430| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
3431| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
3432| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
3433| [118143] Apache NiFi activemq-client Library Deserialization denial of service
3434| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
3435| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
3436| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
3437| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
3438| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
3439| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
3440| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
3441| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
3442| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
3443| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
3444| [117115] Apache Tika up to 1.17 tika-server command injection
3445| [116929] Apache Fineract getReportType Parameter privilege escalation
3446| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
3447| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
3448| [116926] Apache Fineract REST Parameter privilege escalation
3449| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
3450| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
3451| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
3452| [115883] Apache Hive up to 2.3.2 privilege escalation
3453| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
3454| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
3455| [115518] Apache Ignite 2.3 Deserialization privilege escalation
3456| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
3457| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
3458| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
3459| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
3460| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
3461| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
3462| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
3463| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
3464| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
3465| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
3466| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
3467| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
3468| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
3469| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
3470| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
3471| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
3472| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
3473| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
3474| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
3475| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
3476| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
3477| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
3478| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
3479| [113895] Apache Geode up to 1.3.x Code Execution
3480| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
3481| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
3482| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
3483| [113747] Apache Tomcat Servlets privilege escalation
3484| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
3485| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
3486| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
3487| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
3488| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
3489| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3490| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
3491| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
3492| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
3493| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
3494| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
3495| [112885] Apache Allura up to 1.8.0 File information disclosure
3496| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
3497| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
3498| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
3499| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
3500| [112625] Apache POI up to 3.16 Loop denial of service
3501| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
3502| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
3503| [112339] Apache NiFi 1.5.0 Header privilege escalation
3504| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
3505| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
3506| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
3507| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
3508| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
3509| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
3510| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
3511| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
3512| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
3513| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
3514| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
3515| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
3516| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
3517| [112114] Oracle 9.1 Apache Log4j privilege escalation
3518| [112113] Oracle 9.1 Apache Log4j privilege escalation
3519| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
3520| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
3521| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
3522| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
3523| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
3524| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
3525| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
3526| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
3527| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
3528| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
3529| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
3530| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
3531| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
3532| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
3533| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
3534| [110701] Apache Fineract Query Parameter sql injection
3535| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
3536| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
3537| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
3538| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
3539| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
3540| [110106] Apache CXF Fediz Spring cross site request forgery
3541| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
3542| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
3543| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
3544| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
3545| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
3546| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
3547| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
3548| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
3549| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
3550| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
3551| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
3552| [108938] Apple macOS up to 10.13.1 apache denial of service
3553| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
3554| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
3555| [108935] Apple macOS up to 10.13.1 apache denial of service
3556| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
3557| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
3558| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
3559| [108931] Apple macOS up to 10.13.1 apache denial of service
3560| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
3561| [108929] Apple macOS up to 10.13.1 apache denial of service
3562| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
3563| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
3564| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
3565| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
3566| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
3567| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
3568| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
3569| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
3570| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
3571| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
3572| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
3573| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
3574| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
3575| [108782] Apache Xerces2 XML Service denial of service
3576| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
3577| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
3578| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
3579| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
3580| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
3581| [108629] Apache OFBiz up to 10.04.01 privilege escalation
3582| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
3583| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
3584| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
3585| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
3586| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
3587| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
3588| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
3589| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
3590| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
3591| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
3592| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
3593| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
3594| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
3595| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
3596| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
3597| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
3598| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
3599| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3600| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
3601| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
3602| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
3603| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
3604| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
3605| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
3606| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
3607| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
3608| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
3609| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
3610| [107639] Apache NiFi 1.4.0 XML External Entity
3611| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
3612| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
3613| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
3614| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
3615| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
3616| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
3617| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
3618| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
3619| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
3620| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
3621| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
3622| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3623| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
3624| [107197] Apache Xerces Jelly Parser XML File XML External Entity
3625| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
3626| [107084] Apache Struts up to 2.3.19 cross site scripting
3627| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
3628| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
3629| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
3630| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
3631| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
3632| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
3633| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
3634| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
3635| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
3636| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
3637| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
3638| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
3639| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3640| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
3641| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
3642| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
3643| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
3644| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
3645| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
3646| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
3647| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
3648| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
3649| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
3650| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
3651| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
3652| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
3653| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
3654| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
3655| [105878] Apache Struts up to 2.3.24.0 privilege escalation
3656| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
3657| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
3658| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
3659| [105643] Apache Pony Mail up to 0.8b weak authentication
3660| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
3661| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
3662| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
3663| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
3664| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
3665| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
3666| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
3667| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
3668| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
3669| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
3670| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
3671| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
3672| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
3673| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
3674| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
3675| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
3676| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
3677| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
3678| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
3679| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
3680| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
3681| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
3682| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
3683| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
3684| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
3685| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
3686| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
3687| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
3688| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
3689| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
3690| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
3691| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
3692| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
3693| [103690] Apache OpenMeetings 1.0.0 sql injection
3694| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
3695| [103688] Apache OpenMeetings 1.0.0 weak encryption
3696| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
3697| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
3698| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
3699| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
3700| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
3701| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
3702| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
3703| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
3704| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
3705| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
3706| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
3707| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
3708| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
3709| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
3710| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
3711| [103352] Apache Solr Node weak authentication
3712| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
3713| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
3714| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
3715| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
3716| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
3717| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
3718| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
3719| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
3720| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
4147| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
4148| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
4149| [65668] Apache Solr 4.0.0 Updater denial of service
4150| [65665] Apache Solr up to 4.3.0 denial of service
4151| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
4152| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
4153| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
4154| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
4155| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
4156| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
4157| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
4158| [65410] Apache Struts 2.3.15.3 cross site scripting
4159| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
4160| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
4161| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
4162| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
4163| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
4164| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
4165| [65340] Apache Shindig 2.5.0 information disclosure
4166| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
4167| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
4168| [10826] Apache Struts 2 File privilege escalation
4169| [65204] Apache Camel up to 2.10.1 unknown vulnerability
4170| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
4171| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
4172| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
4173| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
4174| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
4175| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
4176| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
4177| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
4178| [64722] Apache XML Security for C++ Heap-based memory corruption
4179| [64719] Apache XML Security for C++ Heap-based memory corruption
4180| [64718] Apache XML Security for C++ verify denial of service
4181| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
4182| [64716] Apache XML Security for C++ spoofing
4183| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
4184| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
4185| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
4186| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
4187| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
4188| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
4189| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
4190| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
4191| [64485] Apache Struts up to 2.2.3.0 privilege escalation
4192| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
4193| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
4194| [64467] Apache Geronimo 3.0 memory corruption
4195| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
4196| [64457] Apache Struts up to 2.2.3.0 cross site scripting
4197| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
4198| [9184] Apache Qpid up to 0.20 SSL misconfiguration
4199| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
4200| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
4201| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
4202| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
4203| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
4204| [8873] Apache Struts 2.3.14 privilege escalation
4205| [8872] Apache Struts 2.3.14 privilege escalation
4206| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
4207| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
4208| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
4209| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
4210| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
4211| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4212| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
4213| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
4214| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
4215| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
4216| [64006] Apache ActiveMQ up to 5.7.0 denial of service
4217| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
4218| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
4219| [8427] Apache Tomcat Session Transaction weak authentication
4220| [63960] Apache Maven 3.0.4 Default Configuration spoofing
4221| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
4222| [63750] Apache qpid up to 0.20 checkAvailable denial of service
4223| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
4224| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
4225| [63747] Apache Rave up to 0.20 User Account information disclosure
4226| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
4227| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
4228| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
4229| [7687] Apache CXF up to 2.7.2 Token weak authentication
4230| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4231| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
4232| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
4233| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
4234| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
4235| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
4236| [63090] Apache Tomcat up to 4.1.24 denial of service
4237| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
4238| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
4239| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
4240| [62833] Apache CXF -/2.6.0 spoofing
4241| [62832] Apache Axis2 up to 1.6.2 spoofing
4242| [62831] Apache Axis up to 1.4 Java Message Service spoofing
4243| [62830] Apache Commons-httpclient 3.0 Payments spoofing
4244| [62826] Apache Libcloud up to 0.11.0 spoofing
4245| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
4246| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
4247| [62661] Apache Axis2 unknown vulnerability
4248| [62658] Apache Axis2 unknown vulnerability
4249| [62467] Apache Qpid up to 0.17 denial of service
4250| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
4251| [6301] Apache HTTP Server mod_pagespeed cross site scripting
4252| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
4253| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
4254| [62035] Apache Struts up to 2.3.4 denial of service
4255| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
4256| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
4257| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
4258| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
4259| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
4260| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
4261| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
4262| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
4263| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
4264| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
4265| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
4266| [61229] Apache Sling up to 2.1.1 denial of service
4267| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
4268| [61094] Apache Roller up to 5.0 cross site scripting
4269| [61093] Apache Roller up to 5.0 cross site request forgery
4270| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
4271| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
4272| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
4273| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
4274| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
4275| [60708] Apache Qpid 0.12 unknown vulnerability
4276| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
4277| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
4278| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
4279| [4882] Apache Wicket up to 1.5.4 directory traversal
4280| [4881] Apache Wicket up to 1.4.19 cross site scripting
4281| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
4282| [60352] Apache Struts up to 2.2.3 memory corruption
4283| [60153] Apache Portable Runtime up to 1.4.3 denial of service
4284| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
4285| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
4286| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
4287| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
4288| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
4289| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
4290| [4571] Apache Struts up to 2.3.1.2 privilege escalation
4291| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
4292| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
4293| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
4294| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
4295| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
4296| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
4297| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4298| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
4299| [59888] Apache Tomcat up to 6.0.6 denial of service
4300| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
4301| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
4302| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
4303| [59850] Apache Geronimo up to 2.2.1 denial of service
4304| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
4305| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
4306| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
4307| [58413] Apache Tomcat up to 6.0.10 spoofing
4308| [58381] Apache Wicket up to 1.4.17 cross site scripting
4309| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
4310| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
4311| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
4312| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
4313| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4314| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
4315| [57568] Apache Archiva up to 1.3.4 cross site scripting
4316| [57567] Apache Archiva up to 1.3.4 cross site request forgery
4317| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
4318| [4355] Apache HTTP Server APR apr_fnmatch denial of service
4319| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
4320| [57425] Apache Struts up to 2.2.1.1 cross site scripting
4321| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
4322| [57025] Apache Tomcat up to 7.0.11 information disclosure
4323| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
4324| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
4325| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4326| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
4327| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
4328| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
4329| [56512] Apache Continuum up to 1.4.0 cross site scripting
4330| [4285] Apache Tomcat 5.x JVM getLocale denial of service
4331| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
4332| [4283] Apache Tomcat 5.x ServletContect privilege escalation
4333| [56441] Apache Tomcat up to 7.0.6 denial of service
4334| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
4335| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
4336| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
4337| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
4338| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
4339| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
4340| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
4341| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
4342| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
4343| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
4344| [54693] Apache Traffic Server DNS Cache unknown vulnerability
4345| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
4346| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
4347| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
4348| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
4349| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
4350| [54012] Apache Tomcat up to 6.0.10 denial of service
4351| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
4352| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
4353| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
4354| [52894] Apache Tomcat up to 6.0.7 information disclosure
4355| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
4356| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
4357| [52786] Apache Open For Business Project up to 09.04 cross site scripting
4358| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
4359| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
4360| [52584] Apache CouchDB up to 0.10.1 information disclosure
4361| [51757] Apache HTTP Server 2.0.44 cross site scripting
4362| [51756] Apache HTTP Server 2.0.44 spoofing
4363| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
4364| [51690] Apache Tomcat up to 6.0 directory traversal
4365| [51689] Apache Tomcat up to 6.0 information disclosure
4366| [51688] Apache Tomcat up to 6.0 directory traversal
4367| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
4368| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
4369| [50626] Apache Solr 1.0.0 cross site scripting
4370| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
4371| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
4372| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
4373| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
4374| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
4375| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
4376| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
4377| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
4378| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
4379| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
4380| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
4381| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
4382| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
4383| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
4384| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
4385| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
4386| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
4387| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
4388| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
4389| [47214] Apachefriends xampp 1.6.8 spoofing
4390| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
4391| [47162] Apachefriends XAMPP 1.4.4 weak authentication
4392| [47065] Apache Tomcat 4.1.23 cross site scripting
4393| [46834] Apache Tomcat up to 5.5.20 cross site scripting
4394| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
4395| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
4396| [86625] Apache Struts directory traversal
4397| [44461] Apache Tomcat up to 5.5.0 information disclosure
4398| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
4399| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
4400| [43663] Apache Tomcat up to 6.0.16 directory traversal
4401| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
4402| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
4403| [43516] Apache Tomcat up to 4.1.20 directory traversal
4404| [43509] Apache Tomcat up to 6.0.13 cross site scripting
4405| [42637] Apache Tomcat up to 6.0.16 cross site scripting
4406| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
4407| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
4408| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
4409| [40924] Apache Tomcat up to 6.0.15 information disclosure
4410| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
4411| [40922] Apache Tomcat up to 6.0 information disclosure
4412| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
4413| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
4414| [40656] Apache Tomcat 5.5.20 information disclosure
4415| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
4416| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
4417| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
4418| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
4419| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
4420| [40234] Apache Tomcat up to 6.0.15 directory traversal
4421| [40221] Apache HTTP Server 2.2.6 information disclosure
4422| [40027] David Castro Apache Authcas 0.4 sql injection
4423| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
4424| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
4425| [3414] Apache Tomcat WebDAV Stored privilege escalation
4426| [39489] Apache Jakarta Slide up to 2.1 directory traversal
4427| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
4428| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
4429| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
4430| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
4431| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
4432| [38524] Apache Geronimo 2.0 unknown vulnerability
4433| [3256] Apache Tomcat up to 6.0.13 cross site scripting
4434| [38331] Apache Tomcat 4.1.24 information disclosure
4435| [38330] Apache Tomcat 4.1.24 information disclosure
4436| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
4437| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
4438| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
4439| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
4440| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
4441| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
4442| [37292] Apache Tomcat up to 5.5.1 cross site scripting
4443| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
4444| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
4445| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
4446| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
4447| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
4448| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
4449| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
4450| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
4451| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
4452| [36225] XAMPP Apache Distribution 1.6.0a sql injection
4453| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
4454| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
4455| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
4456| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
4457| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
4458| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
4459| [34252] Apache HTTP Server denial of service
4460| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
4461| [33877] Apache Opentaps 0.9.3 cross site scripting
4462| [33876] Apache Open For Business Project unknown vulnerability
4463| [33875] Apache Open For Business Project cross site scripting
4464| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
4465| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
4466|
4467| MITRE CVE - https://cve.mitre.org:
4468| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
4469| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
4470| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
4471| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
4472| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
4473| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
4474| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
4475| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
4476| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
4477| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
4478| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
4479| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
4480| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
4481| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
4482| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
4483| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
4484| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
4485| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
4486| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
4487| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
4488| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
4489| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
4490| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
4491| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
4492| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
4493| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
4494| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
4495| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
4496| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
4497| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
4498| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4499| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
4500| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
4501| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
4502| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
4503| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
4504| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
4505| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
4506| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
4507| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
4508| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
4509| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4510| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4511| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4512| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
4513| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
4514| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
4515| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
4516| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
4517| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
4518| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
4519| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
4520| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
4521| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
4522| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
4523| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
4524| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
4525| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
4526| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
4527| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
4528| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
4529| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
4530| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
4531| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
4532| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4533| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
4534| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
4535| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
4536| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
4537| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
4538| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
4539| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
4540| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
4541| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
4542| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
4543| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
4544| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
4545| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
4546| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
4547| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
4548| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
4549| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
4550| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
4551| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
4552| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
4553| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
4554| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
4555| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
4556| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
4557| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
4558| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
4559| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
4560| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
4561| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
4562| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
4563| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
4564| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
4565| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
4566| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
4567| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
4568| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
4569| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
4570| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
4571| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
4572| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
4573| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
4574| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
4575| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
4576| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
4577| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
4578| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
4579| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
4580| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
4581| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
4582| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
4583| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
4584| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
4585| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
4586| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
4587| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
4588| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
4589| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
4590| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
4591| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
4592| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4593| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
4594| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
4595| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
4596| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
4597| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
4598| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
4599| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
4600| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
4601| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
4602| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
4603| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
4604| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
4605| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
4606| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
4607| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
4608| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
4609| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
4610| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
4611| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
4612| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
4613| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
4614| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
4615| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
4616| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
4617| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
4618| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
4619| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
4620| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
4621| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
4622| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
4623| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
4624| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
4625| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
4626| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
4627| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
4628| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
4629| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
4630| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
4631| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4632| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
4633| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
4634| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
4635| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
4636| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
4637| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
4638| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
4639| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
4640| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
4641| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
4642| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
4643| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
4644| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
4645| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
4646| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
4647| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4648| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
4649| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
4650| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
4651| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
4652| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
4653| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
4654| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
4655| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
4656| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
4657| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
4658| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
4659| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
4660| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
4661| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
4662| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
4663| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
4664| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
4665| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
4666| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
4667| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
4668| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
4669| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
4670| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
4671| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
4672| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
4673| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
4674| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
4675| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
4676| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
4677| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
4678| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
4679| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
4680| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
4681| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
4682| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
4683| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
4684| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
4685| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
4686| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
4687| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
4688| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4689| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
4690| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
4691| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
4692| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
4693| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
4694| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
4695| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
4696| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
4697| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
4698| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
4699| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
4700| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
4701| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
4702| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
4703| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
4704| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
4705| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
4706| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
4707| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
4708| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
4709| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
4710| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
4711| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
4712| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
4713| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
4714| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
4715| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
4716| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
4717| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
4718| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
4719| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
4720| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
4721| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
4722| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
4723| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
4724| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
4725| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
4726| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
4727| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
4728| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
4729| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
4730| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
4731| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
4732| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
4733| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
4734| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
4735| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
4736| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
4737| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
4738| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
4739| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
4740| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
4741| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
4742| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
4743| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
4744| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
4745| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
4746| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
4747| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
4748| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
4749| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
4750| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
4751| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
4752| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
4753| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
4754| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
4755| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
4756| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
4757| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
4758| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
4759| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
4760| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
4761| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4762| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
4763| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
4764| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
4765| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
4766| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
4767| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
4768| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
4769| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
4770| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
4771| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
4772| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
4773| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4774| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4775| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
4776| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
4777| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
4778| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4779| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
4780| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
4781| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
4782| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
4783| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
4784| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
4785| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
4786| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
4787| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4788| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
4789| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
4790| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
4791| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
4792| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
4793| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
4794| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
4795| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
4796| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
4797| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
4798| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
4799| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
4800| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
4801| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
4802| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
4803| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
4804| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
4805| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
4806| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
4807| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
4808| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
4809| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
4810| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
4811| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
4812| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
4813| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
4814| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
4815| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4816| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4817| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
4818| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
4819| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
4820| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4821| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
4822| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
4823| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
4824| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
4825| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
4826| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
4827| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
4828| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
4829| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
4830| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
4831| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
4832| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
4833| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
4834| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4835| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4836| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
4837| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
4838| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
4839| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
4840| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
4841| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
4842| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
4843| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4844| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
4845| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4846| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
4847| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
4848| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
4849| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4850| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
4851| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4852| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
4853| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
4854| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4855| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
4856| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
4857| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
4858| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
4859| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
4860| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
4861| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
4862| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
4863| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4864| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
4865| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
4866| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
4867| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
4868| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
4869| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
4870| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
4871| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
4872| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
4873| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
4874| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
4875| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
4988| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
4989| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
4990| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
4991| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
4992| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
4993| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
4994| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
4995| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
4996| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
4997| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
4998| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
4999| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
5000| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
5001| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
5002| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
5003| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
5004| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
5005| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
5006| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
5007| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
5008| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
5009| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
5010| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
5011| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
5012| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
5013| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
5014| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
5015| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
5016| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
5017| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
5018| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
5019| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
5020| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
5021| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
5022| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
5023| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
5024| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
5025| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
5026| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
5027| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
5028| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
5029| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5030| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5031| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5032| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5033| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5034| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5035| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5036| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5037| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5038| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5039| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5040| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5041| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5042| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5043| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5044| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5045| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5046| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5047| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5048| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5049| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5050| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5051| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5052| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5053| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5054| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5055| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5056| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5057| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5058| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5059| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5060| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5061| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5062| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5063| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5064| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5065| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5066| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5067| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5068| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5069| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5070| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5071| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5072| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5073| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5074| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5075| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5076| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5077|
5078| SecurityFocus - https://www.securityfocus.com/bid/:
5079| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5080| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5081| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5082| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5083| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5084| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5085| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5086| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5087| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5088| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5089| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5090| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5091| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5092| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5093| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5094| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5095| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5096| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5097| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5098| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5099| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5100| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5101| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5102| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5103| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5104| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5105| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5106| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5107| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5108| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5109| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5110| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5111| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5112| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5113| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5114| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5115| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5116| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5117| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5118| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5119| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5120| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5121| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5122| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5123| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5124| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5125| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5126| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5127| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5128| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5129| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5130| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5131| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5132| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5133| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5134| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5135| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5136| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5137| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5138| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5139| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5140| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5141| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5142| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5143| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5144| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5145| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5146| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5147| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5148| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5149| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
5588| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
5589| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
5590| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
5591| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
5592| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
5593| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
5594| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
5595| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
5596| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
5597| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
5598| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
5599| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
5600| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
5601| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
5602| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
5603| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
5604| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
5605| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
5606| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
5607| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
5608| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
5609| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
5610| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
5611| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
5612| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
5613| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
5614| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
5615| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
5616| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
5617| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
5618| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
5619| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
5620| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
5621| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
5622| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
5623| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
5624| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
5625| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
5626| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
5627| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
5628| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
5629| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
5630| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
5631| [59670] Apache VCL Multiple Input Validation Vulnerabilities
5632| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
5633| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
5634| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
5635| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
5636| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
5637| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
5638| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
5639| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
5640| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
5641| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
5642| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
5643| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
5644| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
5645| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
5646| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
5647| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
5648| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
5649| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
5650| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
5651| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
5652| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
5653| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
5654| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
5655| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
5656| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
5657| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
5658| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
5659| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
5660| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
5661| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
5662| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
5663| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
5664| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
5665| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
5666| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
5667| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
5668| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
5669| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
5670| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
5671| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
5672| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
5673| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
5674| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
5675| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
5676| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
5677| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
5678| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
5679| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
5680| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
5681| [54798] Apache Libcloud Man In The Middle Vulnerability
5682| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
5683| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
5684| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
5685| [54189] Apache Roller Cross Site Request Forgery Vulnerability
5686| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
5687| [53880] Apache CXF Child Policies Security Bypass Vulnerability
5688| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
5689| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
5690| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
5691| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
5692| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
5693| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
5694| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
5695| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5696| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
5697| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
5698| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
5699| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
5700| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
5701| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
5702| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
5703| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
5704| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
5705| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
5706| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
5707| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
5708| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5709| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5710| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
5711| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
5712| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
5713| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
5714| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
5715| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
5716| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
5717| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5718| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
5719| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
5720| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
5721| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
5722| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5723| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5724| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
5725| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
5726| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5727| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
5728| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
5729| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
5730| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
5731| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
5732| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
5733| [49290] Apache Wicket Cross Site Scripting Vulnerability
5734| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
5735| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
5736| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
5737| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
5738| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
5739| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
5740| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
5741| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5742| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
5743| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
5744| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
5745| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
5746| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
5747| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
5748| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
5749| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
5750| [46953] Apache MPM-ITK Module Security Weakness
5751| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
5752| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
5753| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
5754| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
5755| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
5756| [46166] Apache Tomcat JVM Denial of Service Vulnerability
5757| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
5758| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5759| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
5760| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
5761| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
5762| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
5763| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
5764| [44616] Apache Shiro Directory Traversal Vulnerability
5765| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
5766| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
5767| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
5768| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
5769| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
5770| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5771| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
5772| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
5773| [42492] Apache CXF XML DTD Processing Security Vulnerability
5774| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
5775| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5776| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5777| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
5778| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
5779| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5780| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
5781| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
5782| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
5783| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5784| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5785| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
5786| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
5787| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
5788| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
5789| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
5790| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
5791| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
5792| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
5793| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
5794| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
5795| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
5796| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
5797| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
5798| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
5799| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
5800| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
5801| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
5802| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
5803| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
5804| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5805| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
5806| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
5807| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
5808| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
5809| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5810| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
5811| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
5812| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
5813| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
5814| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
5815| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5816| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
5817| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
5818| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
5819| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
5820| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
5821| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
5822| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
5823| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5824| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
5825| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
5826| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5827| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
5828| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
5829| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
5830| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
5831| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
5832| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
5833| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
5834| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
5835| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
5836| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
5837| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
5838| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
5839| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
5840| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
5841| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
5842| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
5843| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
5844| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5845| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
5846| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5847| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
5848| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
5849| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
5850| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
5851| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
5852| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5853| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
5854| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
5855| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
5856| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
5857| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
5858| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
5859| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
5860| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
5861| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
5862| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
5863| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
5864| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
5865| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
5866| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
5867| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
5868| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
5869| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
5870| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
5871| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
5872| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
5873| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
5874| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
5875| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
5876| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5877| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
5878| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
5879| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
5880| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
5881| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
5882| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
5883| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
5884| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
5885| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
5886| [20527] Apache Mod_TCL Remote Format String Vulnerability
5887| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
5888| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
5889| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
5890| [19106] Apache Tomcat Information Disclosure Vulnerability
5891| [18138] Apache James SMTP Denial Of Service Vulnerability
5892| [17342] Apache Struts Multiple Remote Vulnerabilities
5893| [17095] Apache Log4Net Denial Of Service Vulnerability
5894| [16916] Apache mod_python FileSession Code Execution Vulnerability
5895| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
5896| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
5897| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
5898| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
5899| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
5900| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
5901| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
5902| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
5903| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
5904| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
5905| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
5906| [15177] PHP Apache 2 Local Denial of Service Vulnerability
5907| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
5908| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
5909| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
5910| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
5911| [14106] Apache HTTP Request Smuggling Vulnerability
5912| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
5913| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
5914| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
5915| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
5916| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
5917| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
5918| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
5919| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
5920| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
5921| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
5922| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
5923| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
5924| [11471] Apache mod_include Local Buffer Overflow Vulnerability
5925| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
5926| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
5927| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
5928| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
5929| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5930| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
5931| [11094] Apache mod_ssl Denial Of Service Vulnerability
5932| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
5933| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
5934| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
5935| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
5936| [10478] ClueCentral Apache Suexec Patch Security Weakness
5937| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
5938| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
5939| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
5940| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
5941| [9921] Apache Connection Blocking Denial Of Service Vulnerability
5942| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
5943| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
5944| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
5945| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
5946| [9733] Apache Cygwin Directory Traversal Vulnerability
5947| [9599] Apache mod_php Global Variables Information Disclosure Weakness
5948| [9590] Apache-SSL Client Certificate Forging Vulnerability
5949| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
5950| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
5951| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
5952| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
5953| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
5954| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
5955| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
5956| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
5957| [8898] Red Hat Apache Directory Index Default Configuration Error
5958| [8883] Apache Cocoon Directory Traversal Vulnerability
5959| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
5960| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
5961| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
5962| [8707] Apache htpasswd Password Entropy Weakness
5963| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
5964| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
5965| [8226] Apache HTTP Server Multiple Vulnerabilities
5966| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
5967| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
5968| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
5969| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
5970| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
5971| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
5972| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
5973| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
5974| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
5975| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
5976| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
5977| [7255] Apache Web Server File Descriptor Leakage Vulnerability
5978| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5979| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
5980| [6939] Apache Web Server ETag Header Information Disclosure Weakness
5981| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
5982| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
5983| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
5984| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
5985| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
5986| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
5987| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
5988| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
5989| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
5990| [6117] Apache mod_php File Descriptor Leakage Vulnerability
5991| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
5992| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
5993| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
5994| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
5995| [5992] Apache HTDigest Insecure Temporary File Vulnerability
5996| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
5997| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
5998| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
5999| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
6000| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
6001| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6002| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
6003| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
6004| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
6005| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
6006| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6007| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
6008| [5485] Apache 2.0 Path Disclosure Vulnerability
6009| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6010| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
6011| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
6012| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
6013| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
6014| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
6015| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
6016| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
6017| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
6018| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
6019| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
6020| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
6021| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
6022| [4437] Apache Error Message Cross-Site Scripting Vulnerability
6023| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
6024| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
6025| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
6026| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
6027| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
6028| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
6029| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
6030| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
6031| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
6032| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
6033| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
6034| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
6035| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
6036| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
6037| [3596] Apache Split-Logfile File Append Vulnerability
6038| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
6039| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
6040| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
6041| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
6042| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
6043| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
6044| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
6045| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
6046| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
6047| [3169] Apache Server Address Disclosure Vulnerability
6048| [3009] Apache Possible Directory Index Disclosure Vulnerability
6049| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
6050| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
6051| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
6052| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
6053| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
6054| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
6055| [2216] Apache Web Server DoS Vulnerability
6056| [2182] Apache /tmp File Race Vulnerability
6057| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
6058| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
6059| [1821] Apache mod_cookies Buffer Overflow Vulnerability
6060| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
6061| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
6062| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
6063| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
6064| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
6065| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
6066| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
6067| [1457] Apache::ASP source.asp Example Script Vulnerability
6068| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
6069| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
6070|
6071| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6072| [86258] Apache CloudStack text fields cross-site scripting
6073| [85983] Apache Subversion mod_dav_svn module denial of service
6074| [85875] Apache OFBiz UEL code execution
6075| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
6076| [85871] Apache HTTP Server mod_session_dbd unspecified
6077| [85756] Apache Struts OGNL expression command execution
6078| [85755] Apache Struts DefaultActionMapper class open redirect
6079| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
6080| [85574] Apache HTTP Server mod_dav denial of service
6081| [85573] Apache Struts Showcase App OGNL code execution
6082| [85496] Apache CXF denial of service
6083| [85423] Apache Geronimo RMI classloader code execution
6084| [85326] Apache Santuario XML Security for C++ buffer overflow
6085| [85323] Apache Santuario XML Security for Java spoofing
6086| [85319] Apache Qpid Python client SSL spoofing
6087| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
6088| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
6089| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
6090| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
6091| [84952] Apache Tomcat CVE-2012-3544 denial of service
6092| [84763] Apache Struts CVE-2013-2135 security bypass
6093| [84762] Apache Struts CVE-2013-2134 security bypass
6094| [84719] Apache Subversion CVE-2013-2088 command execution
6095| [84718] Apache Subversion CVE-2013-2112 denial of service
6096| [84717] Apache Subversion CVE-2013-1968 denial of service
6097| [84577] Apache Tomcat security bypass
6098| [84576] Apache Tomcat symlink
6099| [84543] Apache Struts CVE-2013-2115 security bypass
6100| [84542] Apache Struts CVE-2013-1966 security bypass
6101| [84154] Apache Tomcat session hijacking
6102| [84144] Apache Tomcat denial of service
6103| [84143] Apache Tomcat information disclosure
6104| [84111] Apache HTTP Server command execution
6105| [84043] Apache Virtual Computing Lab cross-site scripting
6106| [84042] Apache Virtual Computing Lab cross-site scripting
6107| [83782] Apache CloudStack information disclosure
6108| [83781] Apache CloudStack security bypass
6109| [83720] Apache ActiveMQ cross-site scripting
6110| [83719] Apache ActiveMQ denial of service
6111| [83718] Apache ActiveMQ denial of service
6112| [83263] Apache Subversion denial of service
6113| [83262] Apache Subversion denial of service
6114| [83261] Apache Subversion denial of service
6115| [83259] Apache Subversion denial of service
6116| [83035] Apache mod_ruid2 security bypass
6117| [82852] Apache Qpid federation_tag security bypass
6118| [82851] Apache Qpid qpid::framing::Buffer denial of service
6119| [82758] Apache Rave User RPC API information disclosure
6120| [82663] Apache Subversion svn_fs_file_length() denial of service
6121| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
6122| [82641] Apache Qpid AMQP denial of service
6123| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
6124| [82618] Apache Commons FileUpload symlink
6125| [82360] Apache HTTP Server manager interface cross-site scripting
6126| [82359] Apache HTTP Server hostnames cross-site scripting
6127| [82338] Apache Tomcat log/logdir information disclosure
6128| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
6129| [82268] Apache OpenJPA deserialization command execution
6130| [81981] Apache CXF UsernameTokens security bypass
6131| [81980] Apache CXF WS-Security security bypass
6132| [81398] Apache OFBiz cross-site scripting
6133| [81240] Apache CouchDB directory traversal
6134| [81226] Apache CouchDB JSONP code execution
6135| [81225] Apache CouchDB Futon user interface cross-site scripting
6136| [81211] Apache Axis2/C SSL spoofing
6137| [81167] Apache CloudStack DeployVM information disclosure
6138| [81166] Apache CloudStack AddHost API information disclosure
6139| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6140| [80518] Apache Tomcat cross-site request forgery security bypass
6141| [80517] Apache Tomcat FormAuthenticator security bypass
6142| [80516] Apache Tomcat NIO denial of service
6143| [80408] Apache Tomcat replay-countermeasure security bypass
6144| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
6145| [80317] Apache Tomcat slowloris denial of service
6146| [79984] Apache Commons HttpClient SSL spoofing
6147| [79983] Apache CXF SSL spoofing
6148| [79830] Apache Axis2/Java SSL spoofing
6149| [79829] Apache Axis SSL spoofing
6150| [79809] Apache Tomcat DIGEST security bypass
6151| [79806] Apache Tomcat parseHeaders() denial of service
6152| [79540] Apache OFBiz unspecified
6153| [79487] Apache Axis2 SAML security bypass
6154| [79212] Apache Cloudstack code execution
6155| [78734] Apache CXF SOAP Action security bypass
6156| [78730] Apache Qpid broker denial of service
6157| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
6158| [78563] Apache mod_pagespeed module unspecified cross-site scripting
6159| [78562] Apache mod_pagespeed module security bypass
6160| [78454] Apache Axis2 security bypass
6161| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
6162| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
6163| [78321] Apache Wicket unspecified cross-site scripting
6164| [78183] Apache Struts parameters denial of service
6165| [78182] Apache Struts cross-site request forgery
6166| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
6167| [77987] mod_rpaf module for Apache denial of service
6168| [77958] Apache Struts skill name code execution
6169| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
6170| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
6171| [77568] Apache Qpid broker security bypass
6172| [77421] Apache Libcloud spoofing
6173| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
6174| [77046] Oracle Solaris Apache HTTP Server information disclosure
6175| [76837] Apache Hadoop information disclosure
6176| [76802] Apache Sling CopyFrom denial of service
6177| [76692] Apache Hadoop symlink
6178| [76535] Apache Roller console cross-site request forgery
6179| [76534] Apache Roller weblog cross-site scripting
6180| [76152] Apache CXF elements security bypass
6181| [76151] Apache CXF child policies security bypass
6182| [75983] MapServer for Windows Apache file include
6183| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
6184| [75558] Apache POI denial of service
6185| [75545] PHP apache_request_headers() buffer overflow
6186| [75302] Apache Qpid SASL security bypass
6187| [75211] Debian GNU/Linux apache 2 cross-site scripting
6188| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
6189| [74871] Apache OFBiz FlexibleStringExpander code execution
6190| [74870] Apache OFBiz multiple cross-site scripting
6191| [74750] Apache Hadoop unspecified spoofing
6192| [74319] Apache Struts XSLTResult.java file upload
6193| [74313] Apache Traffic Server header buffer overflow
6194| [74276] Apache Wicket directory traversal
6195| [74273] Apache Wicket unspecified cross-site scripting
6196| [74181] Apache HTTP Server mod_fcgid module denial of service
6197| [73690] Apache Struts OGNL code execution
6198| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
6199| [73100] Apache MyFaces in directory traversal
6200| [73096] Apache APR hash denial of service
6201| [73052] Apache Struts name cross-site scripting
6202| [73030] Apache CXF UsernameToken security bypass
6203| [72888] Apache Struts lastName cross-site scripting
6204| [72758] Apache HTTP Server httpOnly information disclosure
6205| [72757] Apache HTTP Server MPM denial of service
6206| [72585] Apache Struts ParameterInterceptor security bypass
6207| [72438] Apache Tomcat Digest security bypass
6208| [72437] Apache Tomcat Digest security bypass
6209| [72436] Apache Tomcat DIGEST security bypass
6210| [72425] Apache Tomcat parameter denial of service
6211| [72422] Apache Tomcat request object information disclosure
6212| [72377] Apache HTTP Server scoreboard security bypass
6213| [72345] Apache HTTP Server HTTP request denial of service
6214| [72229] Apache Struts ExceptionDelegator command execution
6215| [72089] Apache Struts ParameterInterceptor directory traversal
6216| [72088] Apache Struts CookieInterceptor command execution
6217| [72047] Apache Geronimo hash denial of service
6218| [72016] Apache Tomcat hash denial of service
6219| [71711] Apache Struts OGNL expression code execution
6220| [71654] Apache Struts interfaces security bypass
6221| [71620] Apache ActiveMQ failover denial of service
6222| [71617] Apache HTTP Server mod_proxy module information disclosure
6223| [71508] Apache MyFaces EL security bypass
6224| [71445] Apache HTTP Server mod_proxy security bypass
6225| [71203] Apache Tomcat servlets privilege escalation
6226| [71181] Apache HTTP Server ap_pregsub() denial of service
6227| [71093] Apache HTTP Server ap_pregsub() buffer overflow
6228| [70336] Apache HTTP Server mod_proxy information disclosure
6229| [69804] Apache HTTP Server mod_proxy_ajp denial of service
6230| [69472] Apache Tomcat AJP security bypass
6231| [69396] Apache HTTP Server ByteRange filter denial of service
6232| [69394] Apache Wicket multi window support cross-site scripting
6233| [69176] Apache Tomcat XML information disclosure
6234| [69161] Apache Tomcat jsvc information disclosure
6235| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
6236| [68541] Apache Tomcat sendfile information disclosure
6237| [68420] Apache XML Security denial of service
6238| [68238] Apache Tomcat JMX information disclosure
6239| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
6240| [67804] Apache Subversion control rules information disclosure
6241| [67803] Apache Subversion control rules denial of service
6242| [67802] Apache Subversion baselined denial of service
6243| [67672] Apache Archiva multiple cross-site scripting
6244| [67671] Apache Archiva multiple cross-site request forgery
6245| [67564] Apache APR apr_fnmatch() denial of service
6246| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
6247| [67515] Apache Tomcat annotations security bypass
6248| [67480] Apache Struts s:submit information disclosure
6249| [67414] Apache APR apr_fnmatch() denial of service
6250| [67356] Apache Struts javatemplates cross-site scripting
6251| [67354] Apache Struts Xwork cross-site scripting
6252| [66676] Apache Tomcat HTTP BIO information disclosure
6253| [66675] Apache Tomcat web.xml security bypass
6254| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
6255| [66241] Apache HttpComponents information disclosure
6256| [66154] Apache Tomcat ServletSecurity security bypass
6257| [65971] Apache Tomcat ServletSecurity security bypass
6258| [65876] Apache Subversion mod_dav_svn denial of service
6259| [65343] Apache Continuum unspecified cross-site scripting
6260| [65162] Apache Tomcat NIO connector denial of service
6261| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
6262| [65160] Apache Tomcat HTML Manager interface cross-site scripting
6263| [65159] Apache Tomcat ServletContect security bypass
6264| [65050] Apache CouchDB web-based administration UI cross-site scripting
6265| [64773] Oracle HTTP Server Apache Plugin unauthorized access
6266| [64473] Apache Subversion blame -g denial of service
6267| [64472] Apache Subversion walk() denial of service
6268| [64407] Apache Axis2 CVE-2010-0219 code execution
6269| [63926] Apache Archiva password privilege escalation
6270| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
6271| [63493] Apache Archiva credentials cross-site request forgery
6272| [63477] Apache Tomcat HttpOnly session hijacking
6273| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
6274| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
6275| [62959] Apache Shiro filters security bypass
6276| [62790] Apache Perl cgi module denial of service
6277| [62576] Apache Qpid exchange denial of service
6278| [62575] Apache Qpid AMQP denial of service
6279| [62354] Apache Qpid SSL denial of service
6280| [62235] Apache APR-util apr_brigade_split_line() denial of service
6281| [62181] Apache XML-RPC SAX Parser information disclosure
6282| [61721] Apache Traffic Server cache poisoning
6283| [61202] Apache Derby BUILTIN authentication functionality information disclosure
6284| [61186] Apache CouchDB Futon cross-site request forgery
6285| [61169] Apache CXF DTD denial of service
6286| [61070] Apache Jackrabbit search.jsp SQL injection
6287| [61006] Apache SLMS Quoting cross-site request forgery
6288| [60962] Apache Tomcat time cross-site scripting
6289| [60883] Apache mod_proxy_http information disclosure
6290| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
6291| [60264] Apache Tomcat Transfer-Encoding denial of service
6292| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
6293| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
6294| [59413] Apache mod_proxy_http timeout information disclosure
6295| [59058] Apache MyFaces unencrypted view state cross-site scripting
6296| [58827] Apache Axis2 xsd file include
6297| [58790] Apache Axis2 modules cross-site scripting
6298| [58299] Apache ActiveMQ queueBrowse cross-site scripting
6299| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
6300| [58056] Apache ActiveMQ .jsp source code disclosure
6301| [58055] Apache Tomcat realm name information disclosure
6302| [58046] Apache HTTP Server mod_auth_shadow security bypass
6303| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
6304| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
6305| [57429] Apache CouchDB algorithms information disclosure
6306| [57398] Apache ActiveMQ Web console cross-site request forgery
6307| [57397] Apache ActiveMQ createDestination.action cross-site scripting
6308| [56653] Apache HTTP Server DNS spoofing
6309| [56652] Apache HTTP Server DNS cross-site scripting
6310| [56625] Apache HTTP Server request header information disclosure
6311| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
6312| [56623] Apache HTTP Server mod_proxy_ajp denial of service
6313| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
6314| [55857] Apache Tomcat WAR files directory traversal
6315| [55856] Apache Tomcat autoDeploy attribute security bypass
6316| [55855] Apache Tomcat WAR directory traversal
6317| [55210] Intuit component for Joomla! Apache information disclosure
6318| [54533] Apache Tomcat 404 error page cross-site scripting
6319| [54182] Apache Tomcat admin default password
6320| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
6321| [53666] Apache HTTP Server Solaris pollset support denial of service
6322| [53650] Apache HTTP Server HTTP basic-auth module security bypass
6323| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
6324| [53041] mod_proxy_ftp module for Apache denial of service
6325| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
6326| [51953] Apache Tomcat Path Disclosure
6327| [51952] Apache Tomcat Path Traversal
6328| [51951] Apache stronghold-status Information Disclosure
6329| [51950] Apache stronghold-info Information Disclosure
6330| [51949] Apache PHP Source Code Disclosure
6331| [51948] Apache Multiviews Attack
6332| [51946] Apache JServ Environment Status Information Disclosure
6333| [51945] Apache error_log Information Disclosure
6334| [51944] Apache Default Installation Page Pattern Found
6335| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
6336| [51942] Apache AXIS XML External Entity File Retrieval
6337| [51941] Apache AXIS Sample Servlet Information Leak
6338| [51940] Apache access_log Information Disclosure
6339| [51626] Apache mod_deflate denial of service
6340| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
6341| [51365] Apache Tomcat RequestDispatcher security bypass
6342| [51273] Apache HTTP Server Incomplete Request denial of service
6343| [51195] Apache Tomcat XML information disclosure
6344| [50994] Apache APR-util xml/apr_xml.c denial of service
6345| [50993] Apache APR-util apr_brigade_vprintf denial of service
6346| [50964] Apache APR-util apr_strmatch_precompile() denial of service
6347| [50930] Apache Tomcat j_security_check information disclosure
6348| [50928] Apache Tomcat AJP denial of service
6349| [50884] Apache HTTP Server XML ENTITY denial of service
6350| [50808] Apache HTTP Server AllowOverride privilege escalation
6351| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
6352| [50059] Apache mod_proxy_ajp information disclosure
6353| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
6354| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
6355| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
6356| [49921] Apache ActiveMQ Web interface cross-site scripting
6357| [49898] Apache Geronimo Services/Repository directory traversal
6358| [49725] Apache Tomcat mod_jk module information disclosure
6359| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
6360| [49712] Apache Struts unspecified cross-site scripting
6361| [49213] Apache Tomcat cal2.jsp cross-site scripting
6362| [48934] Apache Tomcat POST doRead method information disclosure
6363| [48211] Apache Tomcat header HTTP request smuggling
6364| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
6365| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
6366| [47709] Apache Roller "
6367| [47104] Novell Netware ApacheAdmin console security bypass
6368| [47086] Apache HTTP Server OS fingerprinting unspecified
6369| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
6370| [45791] Apache Tomcat RemoteFilterValve security bypass
6371| [44435] Oracle WebLogic Apache Connector buffer overflow
6372| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
6373| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
6374| [44156] Apache Tomcat RequestDispatcher directory traversal
6375| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
6376| [43885] Oracle WebLogic Server Apache Connector buffer overflow
6377| [42987] Apache HTTP Server mod_proxy module denial of service
6378| [42915] Apache Tomcat JSP files path disclosure
6379| [42914] Apache Tomcat MS-DOS path disclosure
6380| [42892] Apache Tomcat unspecified unauthorized access
6381| [42816] Apache Tomcat Host Manager cross-site scripting
6382| [42303] Apache 403 error cross-site scripting
6383| [41618] Apache-SSL ExpandCert() authentication bypass
6384| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
6385| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
6386| [40614] Apache mod_jk2 HTTP Host header buffer overflow
6387| [40562] Apache Geronimo init information disclosure
6388| [40478] Novell Web Manager webadmin-apache.conf security bypass
6389| [40411] Apache Tomcat exception handling information disclosure
6390| [40409] Apache Tomcat native (APR based) connector weak security
6391| [40403] Apache Tomcat quotes and %5C cookie information disclosure
6392| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
6393| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
6394| [39867] Apache HTTP Server mod_negotiation cross-site scripting
6395| [39804] Apache Tomcat SingleSignOn information disclosure
6396| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
6397| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
6398| [39608] Apache HTTP Server balancer manager cross-site request forgery
6399| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
6400| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
6401| [39472] Apache HTTP Server mod_status cross-site scripting
6402| [39201] Apache Tomcat JULI logging weak security
6403| [39158] Apache HTTP Server Windows SMB shares information disclosure
6404| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
6405| [38951] Apache::AuthCAS Perl module cookie SQL injection
6406| [38800] Apache HTTP Server 413 error page cross-site scripting
6407| [38211] Apache Geronimo SQLLoginModule authentication bypass
6408| [37243] Apache Tomcat WebDAV directory traversal
6409| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
6410| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
6411| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
6412| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
6413| [36782] Apache Geronimo MEJB unauthorized access
6414| [36586] Apache HTTP Server UTF-7 cross-site scripting
6415| [36468] Apache Geronimo LoginModule security bypass
6416| [36467] Apache Tomcat functions.jsp cross-site scripting
6417| [36402] Apache Tomcat calendar cross-site request forgery
6418| [36354] Apache HTTP Server mod_proxy module denial of service
6419| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
6420| [36336] Apache Derby lock table privilege escalation
6421| [36335] Apache Derby schema privilege escalation
6422| [36006] Apache Tomcat "
6423| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
6424| [35999] Apache Tomcat \"
6425| [35795] Apache Tomcat CookieExample cross-site scripting
6426| [35536] Apache Tomcat SendMailServlet example cross-site scripting
6427| [35384] Apache HTTP Server mod_cache module denial of service
6428| [35097] Apache HTTP Server mod_status module cross-site scripting
6429| [35095] Apache HTTP Server Prefork MPM module denial of service
6430| [34984] Apache HTTP Server recall_headers information disclosure
6431| [34966] Apache HTTP Server MPM content spoofing
6432| [34965] Apache HTTP Server MPM information disclosure
6433| [34963] Apache HTTP Server MPM multiple denial of service
6434| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
6435| [34869] Apache Tomcat JSP example Web application cross-site scripting
6436| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
6437| [34496] Apache Tomcat JK Connector security bypass
6438| [34377] Apache Tomcat hello.jsp cross-site scripting
6439| [34212] Apache Tomcat SSL configuration security bypass
6440| [34210] Apache Tomcat Accept-Language cross-site scripting
6441| [34209] Apache Tomcat calendar application cross-site scripting
6442| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
6443| [34167] Apache Axis WSDL file path disclosure
6444| [34068] Apache Tomcat AJP connector information disclosure
6445| [33584] Apache HTTP Server suEXEC privilege escalation
6446| [32988] Apache Tomcat proxy module directory traversal
6447| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
6448| [32708] Debian Apache tty privilege escalation
6449| [32441] ApacheStats extract() PHP call unspecified
6450| [32128] Apache Tomcat default account
6451| [31680] Apache Tomcat RequestParamExample cross-site scripting
6452| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
6453| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
6454| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
6455| [30456] Apache mod_auth_kerb off-by-one buffer overflow
6456| [29550] Apache mod_tcl set_var() format string
6457| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
6458| [28357] Apache HTTP Server mod_alias script source information disclosure
6459| [28063] Apache mod_rewrite off-by-one buffer overflow
6460| [27902] Apache Tomcat URL information disclosure
6461| [26786] Apache James SMTP server denial of service
6462| [25680] libapache2 /tmp/svn file upload
6463| [25614] Apache Struts lookupMap cross-site scripting
6464| [25613] Apache Struts ActionForm denial of service
6465| [25612] Apache Struts isCancelled() security bypass
6466| [24965] Apache mod_python FileSession command execution
6467| [24716] Apache James spooler memory leak denial of service
6468| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
6469| [24158] Apache Geronimo jsp-examples cross-site scripting
6470| [24030] Apache auth_ldap module multiple format strings
6471| [24008] Apache mod_ssl custom error message denial of service
6472| [24003] Apache mod_auth_pgsql module multiple syslog format strings
6473| [23612] Apache mod_imap referer field cross-site scripting
6474| [23173] Apache Struts error message cross-site scripting
6475| [22942] Apache Tomcat directory listing denial of service
6476| [22858] Apache Multi-Processing Module code allows denial of service
6477| [22602] RHSA-2005:582 updates for Apache httpd not installed
6478| [22520] Apache mod-auth-shadow "
6479| [22466] ApacheTop symlink
6480| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
6481| [22006] Apache HTTP Server byte-range filter denial of service
6482| [21567] Apache mod_ssl off-by-one buffer overflow
6483| [21195] Apache HTTP Server header HTTP request smuggling
6484| [20383] Apache HTTP Server htdigest buffer overflow
6485| [19681] Apache Tomcat AJP12 request denial of service
6486| [18993] Apache HTTP server check_forensic symlink attack
6487| [18790] Apache Tomcat Manager cross-site scripting
6488| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
6489| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
6490| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
6491| [17961] Apache Web server ServerTokens has not been set
6492| [17930] Apache HTTP Server HTTP GET request denial of service
6493| [17785] Apache mod_include module buffer overflow
6494| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
6495| [17473] Apache HTTP Server Satisfy directive allows access to resources
6496| [17413] Apache htpasswd buffer overflow
6497| [17384] Apache HTTP Server environment variable configuration file buffer overflow
6498| [17382] Apache HTTP Server IPv6 apr_util denial of service
6499| [17366] Apache HTTP Server mod_dav module LOCK denial of service
6500| [17273] Apache HTTP Server speculative mode denial of service
6501| [17200] Apache HTTP Server mod_ssl denial of service
6502| [16890] Apache HTTP Server server-info request has been detected
6503| [16889] Apache HTTP Server server-status request has been detected
6504| [16705] Apache mod_ssl format string attack
6505| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
6506| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
6507| [16230] Apache HTTP Server PHP denial of service
6508| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
6509| [15958] Apache HTTP Server authentication modules memory corruption
6510| [15547] Apache HTTP Server mod_disk_cache local information disclosure
6511| [15540] Apache HTTP Server socket starvation denial of service
6512| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
6513| [15422] Apache HTTP Server mod_access information disclosure
6514| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
6515| [15293] Apache for Cygwin "
6516| [15065] Apache-SSL has a default password
6517| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
6518| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
6519| [14751] Apache Mod_python output filter information disclosure
6520| [14125] Apache HTTP Server mod_userdir module information disclosure
6521| [14075] Apache HTTP Server mod_php file descriptor leak
6522| [13703] Apache HTTP Server account
6523| [13689] Apache HTTP Server configuration allows symlinks
6524| [13688] Apache HTTP Server configuration allows SSI
6525| [13687] Apache HTTP Server Server: header value
6526| [13685] Apache HTTP Server ServerTokens value
6527| [13684] Apache HTTP Server ServerSignature value
6528| [13672] Apache HTTP Server config allows directory autoindexing
6529| [13671] Apache HTTP Server default content
6530| [13670] Apache HTTP Server config file directive references outside content root
6531| [13668] Apache HTTP Server httpd not running in chroot environment
6532| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
6533| [13664] Apache HTTP Server config file contains ScriptAlias entry
6534| [13663] Apache HTTP Server CGI support modules loaded
6535| [13661] Apache HTTP Server config file contains AddHandler entry
6536| [13660] Apache HTTP Server 500 error page not CGI script
6537| [13659] Apache HTTP Server 413 error page not CGI script
6538| [13658] Apache HTTP Server 403 error page not CGI script
6539| [13657] Apache HTTP Server 401 error page not CGI script
6540| [13552] Apache HTTP Server mod_cgid module information disclosure
6541| [13550] Apache GET request directory traversal
6542| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
6543| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
6544| [13429] Apache Tomcat non-HTTP request denial of service
6545| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
6546| [13295] Apache weak password encryption
6547| [13254] Apache Tomcat .jsp cross-site scripting
6548| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
6549| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
6550| [12681] Apache HTTP Server mod_proxy could allow mail relaying
6551| [12662] Apache HTTP Server rotatelogs denial of service
6552| [12554] Apache Tomcat stores password in plain text
6553| [12553] Apache HTTP Server redirects and subrequests denial of service
6554| [12552] Apache HTTP Server FTP proxy server denial of service
6555| [12551] Apache HTTP Server prefork MPM denial of service
6556| [12550] Apache HTTP Server weaker than expected encryption
6557| [12549] Apache HTTP Server type-map file denial of service
6558| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
6559| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
6560| [12091] Apache HTTP Server apr_password_validate denial of service
6561| [12090] Apache HTTP Server apr_psprintf code execution
6562| [11804] Apache HTTP Server mod_access_referer denial of service
6563| [11750] Apache HTTP Server could leak sensitive file descriptors
6564| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
6565| [11703] Apache long slash path allows directory listing
6566| [11695] Apache HTTP Server LF (Line Feed) denial of service
6567| [11694] Apache HTTP Server filestat.c denial of service
6568| [11438] Apache HTTP Server MIME message boundaries information disclosure
6569| [11412] Apache HTTP Server error log terminal escape sequence injection
6570| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
6571| [11195] Apache Tomcat web.xml could be used to read files
6572| [11194] Apache Tomcat URL appended with a null character could list directories
6573| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
6574| [11126] Apache HTTP Server illegal character file disclosure
6575| [11125] Apache HTTP Server DOS device name HTTP POST code execution
6576| [11124] Apache HTTP Server DOS device name denial of service
6577| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
6578| [10938] Apache HTTP Server printenv test CGI cross-site scripting
6579| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
6580| [10575] Apache mod_php module could allow an attacker to take over the httpd process
6581| [10499] Apache HTTP Server WebDAV HTTP POST view source
6582| [10457] Apache HTTP Server mod_ssl "
6583| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
6584| [10414] Apache HTTP Server htdigest multiple buffer overflows
6585| [10413] Apache HTTP Server htdigest temporary file race condition
6586| [10412] Apache HTTP Server htpasswd temporary file race condition
6587| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
6588| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
6589| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
6590| [10280] Apache HTTP Server shared memory scorecard overwrite
6591| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
6592| [10241] Apache HTTP Server Host: header cross-site scripting
6593| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
6594| [10208] Apache HTTP Server mod_dav denial of service
6595| [10206] HP VVOS Apache mod_ssl denial of service
6596| [10200] Apache HTTP Server stderr denial of service
6597| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
6598| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
6599| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
6600| [10098] Slapper worm targets OpenSSL/Apache systems
6601| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
6602| [9875] Apache HTTP Server .var file request could disclose installation path
6603| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
6604| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
6605| [9623] Apache HTTP Server ap_log_rerror() path disclosure
6606| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
6607| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
6608| [9396] Apache Tomcat null character to threads denial of service
6609| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
6610| [9249] Apache HTTP Server chunked encoding heap buffer overflow
6611| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
6612| [8932] Apache Tomcat example class information disclosure
6613| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
6614| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
6615| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
6616| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
6617| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
6618| [8400] Apache HTTP Server mod_frontpage buffer overflows
6619| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
6620| [8308] Apache "
6621| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
6622| [8119] Apache and PHP OPTIONS request reveals "
6623| [8054] Apache is running on the system
6624| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
6625| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
6626| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
6627| [7836] Apache HTTP Server log directory denial of service
6628| [7815] Apache for Windows "
6629| [7810] Apache HTTP request could result in unexpected behavior
6630| [7599] Apache Tomcat reveals installation path
6631| [7494] Apache "
6632| [7419] Apache Web Server could allow remote attackers to overwrite .log files
6633| [7363] Apache Web Server hidden HTTP requests
6634| [7249] Apache mod_proxy denial of service
6635| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
6636| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
6637| [7059] Apache "
6638| [7057] Apache "
6639| [7056] Apache "
6640| [7055] Apache "
6641| [7054] Apache "
6642| [6997] Apache Jakarta Tomcat error message may reveal information
6643| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
6644| [6970] Apache crafted HTTP request could reveal the internal IP address
6645| [6921] Apache long slash path allows directory listing
6646| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
6647| [6527] Apache Web Server for Windows and OS2 denial of service
6648| [6316] Apache Jakarta Tomcat may reveal JSP source code
6649| [6305] Apache Jakarta Tomcat directory traversal
6650| [5926] Linux Apache symbolic link
6651| [5659] Apache Web server discloses files when used with php script
6652| [5310] Apache mod_rewrite allows attacker to view arbitrary files
6653| [5204] Apache WebDAV directory listings
6654| [5197] Apache Web server reveals CGI script source code
6655| [5160] Apache Jakarta Tomcat default installation
6656| [5099] Trustix Secure Linux installs Apache with world writable access
6657| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
6658| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
6659| [4931] Apache source.asp example file allows users to write to files
6660| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
6661| [4205] Apache Jakarta Tomcat delivers file contents
6662| [2084] Apache on Debian by default serves the /usr/doc directory
6663| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
6664| [697] Apache HTTP server beck exploit
6665| [331] Apache cookies buffer overflow
6666|
6667| Exploit-DB - https://www.exploit-db.com:
6668| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
6669| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
6670| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
6671| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
6672| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
6673| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
6674| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
6675| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
6676| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
6677| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
6678| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
6679| [29859] Apache Roller OGNL Injection
6680| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
6681| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
6682| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
6683| [29290] Apache / PHP 5.x Remote Code Execution Exploit
6684| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
6685| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
6686| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
6687| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
6688| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
6689| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
6690| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
6691| [27096] Apache Geronimo 1.0 Error Page XSS
6692| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
6693| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
6694| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
6695| [25986] Plesk Apache Zeroday Remote Exploit
6696| [25980] Apache Struts includeParams Remote Code Execution
6697| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
6698| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
6699| [24874] Apache Struts ParametersInterceptor Remote Code Execution
6700| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
6701| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
6702| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
6703| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
6704| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
6705| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
6706| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
6707| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
6708| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
6709| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
6710| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
6711| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
6712| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
6713| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
6714| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
6715| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
6716| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
6717| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
6718| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
6719| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
6720| [21719] Apache 2.0 Path Disclosure Vulnerability
6721| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
6722| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
6723| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
6724| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
6725| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
6726| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
6727| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
6728| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
6729| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
6730| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
6731| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
6732| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
6733| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
6734| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
6735| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
6736| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
6737| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
6738| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
6739| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
6740| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
6741| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
6742| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
6743| [20558] Apache 1.2 Web Server DoS Vulnerability
6744| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
6745| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
6746| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
6747| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
6748| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
6749| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
6750| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
6751| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
6752| [19231] PHP apache_request_headers Function Buffer Overflow
6753| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
6754| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
6755| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
6756| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
6757| [18442] Apache httpOnly Cookie Disclosure
6758| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
6759| [18221] Apache HTTP Server Denial of Service
6760| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
6761| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
6762| [17691] Apache Struts < 2.2.0 - Remote Command Execution
6763| [16798] Apache mod_jk 1.2.20 Buffer Overflow
6764| [16782] Apache Win32 Chunked Encoding
6765| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
6766| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
6767| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
6768| [15319] Apache 2.2 (Windows) Local Denial of Service
6769| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
6770| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6771| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
6772| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
6773| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
6774| [12330] Apache OFBiz - Multiple XSS
6775| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
6776| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
6777| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
6778| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
6779| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
6780| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
6781| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
6782| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6783| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6784| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
6785| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
6786| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
6787| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6788| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
6789| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
6790| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
6791| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
6792| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
6793| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
6794| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
6795| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
6796| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
6797| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
6798| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
6799| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
6800| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
6801| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
6802| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
6803| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
6804| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
6805| [466] htpasswd Apache 1.3.31 - Local Exploit
6806| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
6807| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
6808| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
6809| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
6810| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
6811| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
6812| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
6813| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
6814| [9] Apache HTTP Server 2.x Memory Leak Exploit
6815|
6816| OpenVAS (Nessus) - http://www.openvas.org:
6817| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
6818| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
6819| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
6820| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
6821| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
6822| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
6823| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
6824| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
6825| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
6826| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
6827| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
6828| [900571] Apache APR-Utils Version Detection
6829| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
6830| [900496] Apache Tiles Multiple XSS Vulnerability
6831| [900493] Apache Tiles Version Detection
6832| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
6833| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
6834| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
6835| [870175] RedHat Update for apache RHSA-2008:0004-01
6836| [864591] Fedora Update for apache-poi FEDORA-2012-10835
6837| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
6838| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
6839| [864250] Fedora Update for apache-poi FEDORA-2012-7683
6840| [864249] Fedora Update for apache-poi FEDORA-2012-7686
6841| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
6842| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
6843| [855821] Solaris Update for Apache 1.3 122912-19
6844| [855812] Solaris Update for Apache 1.3 122911-19
6845| [855737] Solaris Update for Apache 1.3 122911-17
6846| [855731] Solaris Update for Apache 1.3 122912-17
6847| [855695] Solaris Update for Apache 1.3 122911-16
6848| [855645] Solaris Update for Apache 1.3 122912-16
6849| [855587] Solaris Update for kernel update and Apache 108529-29
6850| [855566] Solaris Update for Apache 116973-07
6851| [855531] Solaris Update for Apache 116974-07
6852| [855524] Solaris Update for Apache 2 120544-14
6853| [855494] Solaris Update for Apache 1.3 122911-15
6854| [855478] Solaris Update for Apache Security 114145-11
6855| [855472] Solaris Update for Apache Security 113146-12
6856| [855179] Solaris Update for Apache 1.3 122912-15
6857| [855147] Solaris Update for kernel update and Apache 108528-29
6858| [855077] Solaris Update for Apache 2 120543-14
6859| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
6860| [850088] SuSE Update for apache2 SUSE-SA:2007:061
6861| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
6862| [841209] Ubuntu Update for apache2 USN-1627-1
6863| [840900] Ubuntu Update for apache2 USN-1368-1
6864| [840798] Ubuntu Update for apache2 USN-1259-1
6865| [840734] Ubuntu Update for apache2 USN-1199-1
6866| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
6867| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
6868| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
6869| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
6870| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
6871| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
6872| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
6873| [835253] HP-UX Update for Apache Web Server HPSBUX02645
6874| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
6875| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
6876| [835236] HP-UX Update for Apache with PHP HPSBUX02543
6877| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
6878| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
6879| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
6880| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
6881| [835188] HP-UX Update for Apache HPSBUX02308
6882| [835181] HP-UX Update for Apache With PHP HPSBUX02332
6883| [835180] HP-UX Update for Apache with PHP HPSBUX02342
6884| [835172] HP-UX Update for Apache HPSBUX02365
6885| [835168] HP-UX Update for Apache HPSBUX02313
6886| [835148] HP-UX Update for Apache HPSBUX01064
6887| [835139] HP-UX Update for Apache with PHP HPSBUX01090
6888| [835131] HP-UX Update for Apache HPSBUX00256
6889| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
6890| [835104] HP-UX Update for Apache HPSBUX00224
6891| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
6892| [835101] HP-UX Update for Apache HPSBUX01232
6893| [835080] HP-UX Update for Apache HPSBUX02273
6894| [835078] HP-UX Update for ApacheStrong HPSBUX00255
6895| [835044] HP-UX Update for Apache HPSBUX01019
6896| [835040] HP-UX Update for Apache PHP HPSBUX00207
6897| [835025] HP-UX Update for Apache HPSBUX00197
6898| [835023] HP-UX Update for Apache HPSBUX01022
6899| [835022] HP-UX Update for Apache HPSBUX02292
6900| [835005] HP-UX Update for Apache HPSBUX02262
6901| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
6902| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
6903| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
6904| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
6905| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
6906| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
6907| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
6908| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
6909| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
6910| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
6911| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
6912| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
6913| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
6914| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
6915| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
6916| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
6917| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
6918| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
6919| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
6920| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
6921| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
6922| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
6923| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
6924| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
6925| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
6926| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
6927| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
6928| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
6929| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
6930| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
6931| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
6932| [801942] Apache Archiva Multiple Vulnerabilities
6933| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
6934| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
6935| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
6936| [801284] Apache Derby Information Disclosure Vulnerability
6937| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
6938| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
6939| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
6940| [800680] Apache APR Version Detection
6941| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
6942| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
6943| [800677] Apache Roller Version Detection
6944| [800279] Apache mod_jk Module Version Detection
6945| [800278] Apache Struts Cross Site Scripting Vulnerability
6946| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
6947| [800276] Apache Struts Version Detection
6948| [800271] Apache Struts Directory Traversal Vulnerability
6949| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
6950| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
6951| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
6952| [103122] Apache Web Server ETag Header Information Disclosure Weakness
6953| [103074] Apache Continuum Cross Site Scripting Vulnerability
6954| [103073] Apache Continuum Detection
6955| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
6956| [101023] Apache Open For Business Weak Password security check
6957| [101020] Apache Open For Business HTML injection vulnerability
6958| [101019] Apache Open For Business service detection
6959| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
6960| [100923] Apache Archiva Detection
6961| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
6962| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
6963| [100813] Apache Axis2 Detection
6964| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
6965| [100795] Apache Derby Detection
6966| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
6967| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
6968| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
6969| [100514] Apache Multiple Security Vulnerabilities
6970| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
6971| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
6972| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
6973| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6974| [72626] Debian Security Advisory DSA 2579-1 (apache2)
6975| [72612] FreeBSD Ports: apache22
6976| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
6977| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
6978| [71512] FreeBSD Ports: apache
6979| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
6980| [71256] Debian Security Advisory DSA 2452-1 (apache2)
6981| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
6982| [70737] FreeBSD Ports: apache
6983| [70724] Debian Security Advisory DSA 2405-1 (apache2)
6984| [70600] FreeBSD Ports: apache
6985| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
6986| [70235] Debian Security Advisory DSA 2298-2 (apache2)
6987| [70233] Debian Security Advisory DSA 2298-1 (apache2)
6988| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
6989| [69338] Debian Security Advisory DSA 2202-1 (apache2)
6990| [67868] FreeBSD Ports: apache
6991| [66816] FreeBSD Ports: apache
6992| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
6993| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
6994| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
6995| [66081] SLES11: Security update for Apache 2
6996| [66074] SLES10: Security update for Apache 2
6997| [66070] SLES9: Security update for Apache 2
6998| [65998] SLES10: Security update for apache2-mod_python
6999| [65893] SLES10: Security update for Apache 2
7000| [65888] SLES10: Security update for Apache 2
7001| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
7002| [65510] SLES9: Security update for Apache 2
7003| [65472] SLES9: Security update for Apache
7004| [65467] SLES9: Security update for Apache
7005| [65450] SLES9: Security update for apache2
7006| [65390] SLES9: Security update for Apache2
7007| [65363] SLES9: Security update for Apache2
7008| [65309] SLES9: Security update for Apache and mod_ssl
7009| [65296] SLES9: Security update for webdav apache module
7010| [65283] SLES9: Security update for Apache2
7011| [65249] SLES9: Security update for Apache 2
7012| [65230] SLES9: Security update for Apache 2
7013| [65228] SLES9: Security update for Apache 2
7014| [65212] SLES9: Security update for apache2-mod_python
7015| [65209] SLES9: Security update for apache2-worker
7016| [65207] SLES9: Security update for Apache 2
7017| [65168] SLES9: Security update for apache2-mod_python
7018| [65142] SLES9: Security update for Apache2
7019| [65136] SLES9: Security update for Apache 2
7020| [65132] SLES9: Security update for apache
7021| [65131] SLES9: Security update for Apache 2 oes/CORE
7022| [65113] SLES9: Security update for apache2
7023| [65072] SLES9: Security update for apache and mod_ssl
7024| [65017] SLES9: Security update for Apache 2
7025| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
7026| [64783] FreeBSD Ports: apache
7027| [64774] Ubuntu USN-802-2 (apache2)
7028| [64653] Ubuntu USN-813-2 (apache2)
7029| [64559] Debian Security Advisory DSA 1834-2 (apache2)
7030| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
7031| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
7032| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
7033| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
7034| [64443] Ubuntu USN-802-1 (apache2)
7035| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
7036| [64423] Debian Security Advisory DSA 1834-1 (apache2)
7037| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
7038| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
7039| [64251] Debian Security Advisory DSA 1816-1 (apache2)
7040| [64201] Ubuntu USN-787-1 (apache2)
7041| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
7042| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
7043| [63565] FreeBSD Ports: apache
7044| [63562] Ubuntu USN-731-1 (apache2)
7045| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
7046| [61185] FreeBSD Ports: apache
7047| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
7048| [60387] Slackware Advisory SSA:2008-045-02 apache
7049| [58826] FreeBSD Ports: apache-tomcat
7050| [58825] FreeBSD Ports: apache-tomcat
7051| [58804] FreeBSD Ports: apache
7052| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
7053| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
7054| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
7055| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
7056| [57335] Debian Security Advisory DSA 1167-1 (apache)
7057| [57201] Debian Security Advisory DSA 1131-1 (apache)
7058| [57200] Debian Security Advisory DSA 1132-1 (apache2)
7059| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
7060| [57145] FreeBSD Ports: apache
7061| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
7062| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
7063| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
7064| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
7065| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
7066| [56067] FreeBSD Ports: apache
7067| [55803] Slackware Advisory SSA:2005-310-04 apache
7068| [55519] Debian Security Advisory DSA 839-1 (apachetop)
7069| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
7070| [55355] FreeBSD Ports: apache
7071| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
7072| [55261] Debian Security Advisory DSA 805-1 (apache2)
7073| [55259] Debian Security Advisory DSA 803-1 (apache)
7074| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
7075| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
7076| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
7077| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
7078| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
7079| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
7080| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
7081| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
7082| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
7083| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
7084| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
7085| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
7086| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
7087| [54439] FreeBSD Ports: apache
7088| [53931] Slackware Advisory SSA:2004-133-01 apache
7089| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
7090| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
7091| [53878] Slackware Advisory SSA:2003-308-01 apache security update
7092| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
7093| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
7094| [53848] Debian Security Advisory DSA 131-1 (apache)
7095| [53784] Debian Security Advisory DSA 021-1 (apache)
7096| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
7097| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
7098| [53735] Debian Security Advisory DSA 187-1 (apache)
7099| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
7100| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
7101| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
7102| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
7103| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
7104| [53282] Debian Security Advisory DSA 594-1 (apache)
7105| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
7106| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
7107| [53215] Debian Security Advisory DSA 525-1 (apache)
7108| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
7109| [52529] FreeBSD Ports: apache+ssl
7110| [52501] FreeBSD Ports: apache
7111| [52461] FreeBSD Ports: apache
7112| [52390] FreeBSD Ports: apache
7113| [52389] FreeBSD Ports: apache
7114| [52388] FreeBSD Ports: apache
7115| [52383] FreeBSD Ports: apache
7116| [52339] FreeBSD Ports: apache+mod_ssl
7117| [52331] FreeBSD Ports: apache
7118| [52329] FreeBSD Ports: ru-apache+mod_ssl
7119| [52314] FreeBSD Ports: apache
7120| [52310] FreeBSD Ports: apache
7121| [15588] Detect Apache HTTPS
7122| [15555] Apache mod_proxy content-length buffer overflow
7123| [15554] Apache mod_include priviledge escalation
7124| [14771] Apache <= 1.3.33 htpasswd local overflow
7125| [14177] Apache mod_access rule bypass
7126| [13644] Apache mod_rootme Backdoor
7127| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
7128| [12280] Apache Connection Blocking Denial of Service
7129| [12239] Apache Error Log Escape Sequence Injection
7130| [12123] Apache Tomcat source.jsp malformed request information disclosure
7131| [12085] Apache Tomcat servlet/JSP container default files
7132| [11438] Apache Tomcat Directory Listing and File disclosure
7133| [11204] Apache Tomcat Default Accounts
7134| [11092] Apache 2.0.39 Win32 directory traversal
7135| [11046] Apache Tomcat TroubleShooter Servlet Installed
7136| [11042] Apache Tomcat DOS Device Name XSS
7137| [11041] Apache Tomcat /servlet Cross Site Scripting
7138| [10938] Apache Remote Command Execution via .bat files
7139| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
7140| [10773] MacOS X Finder reveals contents of Apache Web files
7141| [10766] Apache UserDir Sensitive Information Disclosure
7142| [10756] MacOS X Finder reveals contents of Apache Web directories
7143| [10752] Apache Auth Module SQL Insertion Attack
7144| [10704] Apache Directory Listing
7145| [10678] Apache /server-info accessible
7146| [10677] Apache /server-status accessible
7147| [10440] Check for Apache Multiple / vulnerability
7148|
7149| SecurityTracker - https://www.securitytracker.com:
7150| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
7151| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
7152| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
7153| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
7154| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7155| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7156| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7157| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
7158| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
7159| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
7160| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7161| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
7162| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
7163| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
7164| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
7165| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
7166| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
7167| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
7168| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
7169| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
7170| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
7171| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
7172| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
7173| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7174| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
7175| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7176| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7177| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
7178| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
7179| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
7180| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
7181| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
7182| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
7183| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
7184| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
7185| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
7186| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
7187| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
7188| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
7189| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
7190| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
7191| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
7192| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
7193| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
7194| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
7195| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
7196| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7197| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
7198| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
7199| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
7200| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
7201| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
7202| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
7203| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
7204| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
7205| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
7206| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
7207| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
7208| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
7209| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
7210| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
7211| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
7212| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
7213| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
7214| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
7215| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
7216| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
7217| [1024096] Apache mod_proxy_http May Return Results for a Different Request
7218| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
7219| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
7220| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
7221| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
7222| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
7223| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
7224| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
7225| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
7226| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
7227| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
7228| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
7229| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
7230| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
7231| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7232| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
7233| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
7234| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
7235| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
7236| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
7237| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7238| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
7239| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
7240| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
7241| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
7242| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
7243| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
7244| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
7245| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
7246| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
7247| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
7248| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
7249| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
7250| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
7251| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
7252| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
7253| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
7254| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
7255| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
7256| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
7257| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
7258| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
7259| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
7260| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
7261| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
7262| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
7263| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
7264| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
7265| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
7266| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
7267| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
7268| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
7269| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
7270| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
7271| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
7272| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
7273| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
7274| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
7275| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
7276| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
7277| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
7278| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
7279| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
7280| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
7281| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
7282| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
7283| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
7284| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
7285| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
7286| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
7287| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
7288| [1008920] Apache mod_digest May Validate Replayed Client Responses
7289| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
7290| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
7291| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
7292| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
7293| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
7294| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
7295| [1008030] Apache mod_rewrite Contains a Buffer Overflow
7296| [1008029] Apache mod_alias Contains a Buffer Overflow
7297| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
7298| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
7299| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
7300| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
7301| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
7302| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
7303| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
7304| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
7305| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
7306| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
7307| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
7308| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
7309| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
7310| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
7311| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
7312| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
7313| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
7314| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
7315| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
7316| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
7317| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
7318| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
7319| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
7320| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
7321| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
7322| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
7323| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
7324| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
7325| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
7326| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
7327| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
7328| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
7329| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
7330| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
7331| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
7332| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
7333| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
7334| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
7335| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7336| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7337| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
7338| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
7339| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
7340| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
7341| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
7342| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
7343| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
7344| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
7345| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
7346| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
7347| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
7348| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
7349| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
7350| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
7351| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
7352| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
7353|
7354| OSVDB - http://www.osvdb.org:
7355| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
7356| [96077] Apache CloudStack Global Settings Multiple Field XSS
7357| [96076] Apache CloudStack Instances Menu Display Name Field XSS
7358| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
7359| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
7360| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
7361| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
7362| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
7363| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
7364| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
7365| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
7366| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
7367| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7368| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
7369| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
7370| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
7371| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
7372| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
7373| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
7374| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
7375| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
7376| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
7377| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
7378| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
7379| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
7380| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
7381| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
7382| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
7383| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
7384| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
7385| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
7386| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
7387| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
7388| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
7389| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
7390| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
7391| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
7392| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
7393| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
7394| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
7395| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
7396| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
7397| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
7398| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
7399| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
7400| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
7401| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
7402| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
7403| [94279] Apache Qpid CA Certificate Validation Bypass
7404| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
7405| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
7406| [94042] Apache Axis JAX-WS Java Unspecified Exposure
7407| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
7408| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
7409| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
7410| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
7411| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
7412| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
7413| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
7414| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
7415| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
7416| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
7417| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
7418| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
7419| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
7420| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
7421| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
7422| [93541] Apache Solr json.wrf Callback XSS
7423| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
7424| [93521] Apache jUDDI Security API Token Session Persistence Weakness
7425| [93520] Apache CloudStack Default SSL Key Weakness
7426| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
7427| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
7428| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
7429| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
7430| [93515] Apache HBase table.jsp name Parameter XSS
7431| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
7432| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
7433| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
7434| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
7435| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
7436| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
7437| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
7438| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
7439| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
7440| [93252] Apache Tomcat FORM Authenticator Session Fixation
7441| [93172] Apache Camel camel/endpoints/ Endpoint XSS
7442| [93171] Apache Sling HtmlResponse Error Message XSS
7443| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
7444| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
7445| [93168] Apache Click ErrorReport.java id Parameter XSS
7446| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
7447| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
7448| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
7449| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
7450| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
7451| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
7452| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
7453| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
7454| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
7455| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
7456| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
7457| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
7458| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
7459| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
7460| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
7461| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
7462| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
7463| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
7464| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
7465| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
7466| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
7467| [93144] Apache Solr Admin Command Execution CSRF
7468| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
7469| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
7470| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
7471| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
7472| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
7473| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
7474| [92748] Apache CloudStack VM Console Access Restriction Bypass
7475| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
7476| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
7477| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
7478| [92706] Apache ActiveMQ Debug Log Rendering XSS
7479| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
7480| [92270] Apache Tomcat Unspecified CSRF
7481| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
7482| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
7483| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
7484| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
7485| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
7486| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
7487| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
7488| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
7489| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
7490| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
7491| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
7492| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
7493| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
7494| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
7495| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
7496| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
7497| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
7498| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
7499| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
7500| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
7501| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
7502| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
7503| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
7504| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
7505| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
7506| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
7507| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
7508| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
7509| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
7510| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
7511| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
7512| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
7513| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
7514| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
7515| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
7516| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
7517| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
7518| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
7519| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
7520| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
7521| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
7522| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
7523| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
7524| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
7525| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
7526| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
7527| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
7528| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
7529| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
7530| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
7531| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
7532| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
7533| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
7534| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
7535| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
7536| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
7537| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
7538| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
7539| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
7540| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
7541| [86901] Apache Tomcat Error Message Path Disclosure
7542| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
7543| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
7544| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
7545| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
7546| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
7547| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
7548| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
7549| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
7550| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
7551| [85430] Apache mod_pagespeed Module Unspecified XSS
7552| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
7553| [85249] Apache Wicket Unspecified XSS
7554| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
7555| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
7556| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
7557| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
7558| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
7559| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
7560| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
7561| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
7562| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
7563| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
7564| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
7565| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
7566| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
7567| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
7568| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
7569| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
7570| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
7571| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
7572| [83339] Apache Roller Blogger Roll Unspecified XSS
7573| [83270] Apache Roller Unspecified Admin Action CSRF
7574| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
7575| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
7576| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
7577| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
7578| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
7579| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
7580| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
7581| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
7582| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
7583| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
7584| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
7585| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
7586| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
7587| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
7588| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
7589| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
7590| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
7591| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
7592| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
7593| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
7594| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
7595| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
7596| [80300] Apache Wicket wicket:pageMapName Parameter XSS
7597| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
7598| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
7599| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
7600| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
7601| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
7602| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
7603| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
7604| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
7605| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
7606| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
7607| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
7608| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
7609| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
7610| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
7611| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
7612| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
7613| [78331] Apache Tomcat Request Object Recycling Information Disclosure
7614| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
7615| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
7616| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
7617| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
7618| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
7619| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
7620| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
7621| [77593] Apache Struts Conversion Error OGNL Expression Injection
7622| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
7623| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
7624| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
7625| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
7626| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
7627| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
7628| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
7629| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
7630| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
7631| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
7632| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
7633| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
7634| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
7635| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
7636| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
7637| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
7638| [74725] Apache Wicket Multi Window Support Unspecified XSS
7639| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
7640| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
7641| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
7642| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
7643| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
7644| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
7645| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
7646| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
7647| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
7648| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
7649| [73644] Apache XML Security Signature Key Parsing Overflow DoS
7650| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
7651| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
7652| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
7653| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
7654| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
7655| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
7656| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
7657| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
7658| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
7659| [73154] Apache Archiva Multiple Unspecified CSRF
7660| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
7661| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
7662| [72238] Apache Struts Action / Method Names <
7663| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
7664| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
7665| [71557] Apache Tomcat HTML Manager Multiple XSS
7666| [71075] Apache Archiva User Management Page XSS
7667| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
7668| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
7669| [70924] Apache Continuum Multiple Admin Function CSRF
7670| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
7671| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
7672| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
7673| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
7674| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
7675| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
7676| [69520] Apache Archiva Administrator Credential Manipulation CSRF
7677| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
7678| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
7679| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
7680| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
7681| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
7682| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
7683| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
7684| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
7685| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
7686| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
7687| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
7688| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
7689| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
7690| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
7691| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
7692| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
7693| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
7694| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
7695| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
7696| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
7697| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
7698| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
7699| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
7700| [65054] Apache ActiveMQ Jetty Error Handler XSS
7701| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
7702| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
7703| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
7704| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
7705| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
7706| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
7707| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
7708| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
7709| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
7710| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
7711| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
7712| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
7713| [63895] Apache HTTP Server mod_headers Unspecified Issue
7714| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
7715| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
7716| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
7717| [63140] Apache Thrift Service Malformed Data Remote DoS
7718| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
7719| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
7720| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
7721| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
7722| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
7723| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
7724| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
7725| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
7726| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
7727| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
7728| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
7729| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
7730| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
7731| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
7732| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
7733| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
7734| [60678] Apache Roller Comment Email Notification Manipulation DoS
7735| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
7736| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
7737| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
7738| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
7739| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
7740| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
7741| [60232] PHP on Apache php.exe Direct Request Remote DoS
7742| [60176] Apache Tomcat Windows Installer Admin Default Password
7743| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
7744| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
7745| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
7746| [59944] Apache Hadoop jobhistory.jsp XSS
7747| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
7748| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
7749| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
7750| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
7751| [59019] Apache mod_python Cookie Salting Weakness
7752| [59018] Apache Harmony Error Message Handling Overflow
7753| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
7754| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
7755| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
7756| [59010] Apache Solr get-file.jsp XSS
7757| [59009] Apache Solr action.jsp XSS
7758| [59008] Apache Solr analysis.jsp XSS
7759| [59007] Apache Solr schema.jsp Multiple Parameter XSS
7760| [59006] Apache Beehive select / checkbox Tag XSS
7761| [59005] Apache Beehive jpfScopeID Global Parameter XSS
7762| [59004] Apache Beehive Error Message XSS
7763| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
7764| [59002] Apache Jetspeed default-page.psml URI XSS
7765| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
7766| [59000] Apache CXF Unsigned Message Policy Bypass
7767| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
7768| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
7769| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
7770| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
7771| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
7772| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
7773| [58993] Apache Hadoop browseBlock.jsp XSS
7774| [58991] Apache Hadoop browseDirectory.jsp XSS
7775| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
7776| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
7777| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
7778| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
7779| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
7780| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
7781| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
7782| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
7783| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
7784| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
7785| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
7786| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
7787| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
7788| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
7789| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
7790| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
7791| [58974] Apache Sling /apps Script User Session Management Access Weakness
7792| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
7793| [58931] Apache Geronimo Cookie Parameters Validation Weakness
7794| [58930] Apache Xalan-C++ XPath Handling Remote DoS
7795| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
7796| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
7797| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
7798| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
7799| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
7800| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
7801| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
7802| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
7803| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
7804| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
7805| [58805] Apache Derby Unauthenticated Database / Admin Access
7806| [58804] Apache Wicket Header Contribution Unspecified Issue
7807| [58803] Apache Wicket Session Fixation
7808| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
7809| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
7810| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
7811| [58799] Apache Tapestry Logging Cleartext Password Disclosure
7812| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
7813| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
7814| [58796] Apache Jetspeed Unsalted Password Storage Weakness
7815| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
7816| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
7817| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
7818| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
7819| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
7820| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
7821| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
7822| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
7823| [58775] Apache JSPWiki preview.jsp action Parameter XSS
7824| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
7825| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
7826| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
7827| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
7828| [58770] Apache JSPWiki Group.jsp group Parameter XSS
7829| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
7830| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
7831| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
7832| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
7833| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
7834| [58763] Apache JSPWiki Include Tag Multiple Script XSS
7835| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
7836| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
7837| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
7838| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
7839| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
7840| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
7841| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
7842| [58755] Apache Harmony DRLVM Non-public Class Member Access
7843| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
7844| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
7845| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
7846| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
7847| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
7848| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
7849| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
7850| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
7851| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
7852| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
7853| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
7854| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
7855| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
7856| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
7857| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
7858| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
7859| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
7860| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
7861| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
7862| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
7863| [58725] Apache Tapestry Basic String ACL Bypass Weakness
7864| [58724] Apache Roller Logout Functionality Failure Session Persistence
7865| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
7866| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
7867| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
7868| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
7869| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
7870| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
7871| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
7872| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
7873| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
7874| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
7875| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
7876| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
7877| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
7878| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
7879| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
7880| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
7881| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
7882| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
7883| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
7884| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
7885| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
7886| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
7887| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
7888| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
7889| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
7890| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
7891| [58687] Apache Axis Invalid wsdl Request XSS
7892| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
7893| [58685] Apache Velocity Template Designer Privileged Code Execution
7894| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
7895| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
7896| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
7897| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
7898| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
7899| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
7900| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
7901| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
7902| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
7903| [58667] Apache Roller Database Cleartext Passwords Disclosure
7904| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
7905| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
7906| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
7907| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
7908| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
7909| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
7910| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
7911| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
7912| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
7913| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
7914| [56984] Apache Xerces2 Java Malformed XML Input DoS
7915| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
7916| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
7917| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
7918| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
7919| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
7920| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
7921| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
7922| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
7923| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
7924| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
7925| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
7926| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
7927| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
7928| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
7929| [55056] Apache Tomcat Cross-application TLD File Manipulation
7930| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
7931| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
7932| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
7933| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
7934| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
7935| [54589] Apache Jserv Nonexistent JSP Request XSS
7936| [54122] Apache Struts s:a / s:url Tag href Element XSS
7937| [54093] Apache ActiveMQ Web Console JMS Message XSS
7938| [53932] Apache Geronimo Multiple Admin Function CSRF
7939| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
7940| [53930] Apache Geronimo /console/portal/ URI XSS
7941| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
7942| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
7943| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
7944| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
7945| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
7946| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
7947| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
7948| [53380] Apache Struts Unspecified XSS
7949| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
7950| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
7951| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
7952| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
7953| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
7954| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
7955| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
7956| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
7957| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
7958| [51151] Apache Roller Search Function q Parameter XSS
7959| [50482] PHP with Apache php_value Order Unspecified Issue
7960| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
7961| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
7962| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
7963| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
7964| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
7965| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
7966| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
7967| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
7968| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
7969| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
7970| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
7971| [47096] Oracle Weblogic Apache Connector POST Request Overflow
7972| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
7973| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
7974| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
7975| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
7976| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
7977| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
7978| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
7979| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
7980| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
7981| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
7982| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
7983| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
7984| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
7985| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
7986| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
7987| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
7988| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
7989| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
7990| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
7991| [43452] Apache Tomcat HTTP Request Smuggling
7992| [43309] Apache Geronimo LoginModule Login Method Bypass
7993| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
7994| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
7995| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
7996| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
7997| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
7998| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
7999| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
8000| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
8001| [42091] Apache Maven Site Plugin Installation Permission Weakness
8002| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
8003| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
8004| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
8005| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
8006| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
8007| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
8008| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
8009| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
8010| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
8011| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
8012| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
8013| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
8014| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
8015| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
8016| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
8017| [40262] Apache HTTP Server mod_status refresh XSS
8018| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
8019| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
8020| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
8021| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
8022| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
8023| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
8024| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
8025| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
8026| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
8027| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
8028| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
8029| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
8030| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
8031| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
8032| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
8033| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
8034| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
8035| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
8036| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
8037| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
8038| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
8039| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
8040| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
8041| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
8042| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
8043| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
8044| [36080] Apache Tomcat JSP Examples Crafted URI XSS
8045| [36079] Apache Tomcat Manager Uploaded Filename XSS
8046| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
8047| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
8048| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
8049| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
8050| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
8051| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
8052| [34881] Apache Tomcat Malformed Accept-Language Header XSS
8053| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
8054| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
8055| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
8056| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
8057| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
8058| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
8059| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
8060| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
8061| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
8062| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
8063| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
8064| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
8065| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
8066| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
8067| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
8068| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
8069| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
8070| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
8071| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
8072| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
8073| [32724] Apache mod_python _filter_read Freed Memory Disclosure
8074| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
8075| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
8076| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
8077| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
8078| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
8079| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
8080| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
8081| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
8082| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
8083| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
8084| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
8085| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
8086| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
8087| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
8088| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
8089| [24365] Apache Struts Multiple Function Error Message XSS
8090| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
8091| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
8092| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
8093| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
8094| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
8095| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
8096| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
8097| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
8098| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
8099| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
8100| [22459] Apache Geronimo Error Page XSS
8101| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
8102| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
8103| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
8104| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
8105| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
8106| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
8107| [21021] Apache Struts Error Message XSS
8108| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
8109| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
8110| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
8111| [20439] Apache Tomcat Directory Listing Saturation DoS
8112| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
8113| [20285] Apache HTTP Server Log File Control Character Injection
8114| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
8115| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
8116| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
8117| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
8118| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
8119| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
8120| [19821] Apache Tomcat Malformed Post Request Information Disclosure
8121| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
8122| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
8123| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
8124| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
8125| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
8126| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
8127| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
8128| [18233] Apache HTTP Server htdigest user Variable Overfow
8129| [17738] Apache HTTP Server HTTP Request Smuggling
8130| [16586] Apache HTTP Server Win32 GET Overflow DoS
8131| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
8132| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
8133| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
8134| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
8135| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
8136| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
8137| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
8138| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
8139| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
8140| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
8141| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
8142| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
8143| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
8144| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
8145| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
8146| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
8147| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
8148| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
8149| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
8150| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
8151| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
8152| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
8153| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
8154| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
8155| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
8156| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
8157| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
8158| [13304] Apache Tomcat realPath.jsp Path Disclosure
8159| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
8160| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
8161| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
8162| [12848] Apache HTTP Server htdigest realm Variable Overflow
8163| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
8164| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
8165| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
8166| [12557] Apache HTTP Server prefork MPM accept Error DoS
8167| [12233] Apache Tomcat MS-DOS Device Name Request DoS
8168| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
8169| [12231] Apache Tomcat web.xml Arbitrary File Access
8170| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
8171| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
8172| [12178] Apache Jakarta Lucene results.jsp XSS
8173| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
8174| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
8175| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
8176| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
8177| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
8178| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
8179| [10471] Apache Xerces-C++ XML Parser DoS
8180| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
8181| [10068] Apache HTTP Server htpasswd Local Overflow
8182| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
8183| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
8184| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
8185| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
8186| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
8187| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
8188| [9717] Apache HTTP Server mod_cookies Cookie Overflow
8189| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
8190| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
8191| [9714] Apache Authentication Module Threaded MPM DoS
8192| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
8193| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
8194| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
8195| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
8196| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
8197| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
8198| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
8199| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
8200| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
8201| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
8202| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
8203| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
8204| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
8205| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
8206| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
8207| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
8208| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
8209| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
8210| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
8211| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
8212| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
8213| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
8214| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
8215| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
8216| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
8217| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
8218| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
8219| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
8220| [9208] Apache Tomcat .jsp Encoded Newline XSS
8221| [9204] Apache Tomcat ROOT Application XSS
8222| [9203] Apache Tomcat examples Application XSS
8223| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
8224| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
8225| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
8226| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
8227| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
8228| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
8229| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
8230| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
8231| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
8232| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
8233| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
8234| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
8235| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
8236| [7611] Apache HTTP Server mod_alias Local Overflow
8237| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
8238| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
8239| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
8240| [6882] Apache mod_python Malformed Query String Variant DoS
8241| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
8242| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
8243| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
8244| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
8245| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
8246| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
8247| [5526] Apache Tomcat Long .JSP URI Path Disclosure
8248| [5278] Apache Tomcat web.xml Restriction Bypass
8249| [5051] Apache Tomcat Null Character DoS
8250| [4973] Apache Tomcat servlet Mapping XSS
8251| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
8252| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
8253| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
8254| [4568] mod_survey For Apache ENV Tags SQL Injection
8255| [4553] Apache HTTP Server ApacheBench Overflow DoS
8256| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
8257| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
8258| [4383] Apache HTTP Server Socket Race Condition DoS
8259| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
8260| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
8261| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
8262| [4231] Apache Cocoon Error Page Server Path Disclosure
8263| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
8264| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
8265| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
8266| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
8267| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
8268| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
8269| [3322] mod_php for Apache HTTP Server Process Hijack
8270| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
8271| [2885] Apache mod_python Malformed Query String DoS
8272| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
8273| [2733] Apache HTTP Server mod_rewrite Local Overflow
8274| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
8275| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
8276| [2149] Apache::Gallery Privilege Escalation
8277| [2107] Apache HTTP Server mod_ssl Host: Header XSS
8278| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
8279| [1833] Apache HTTP Server Multiple Slash GET Request DoS
8280| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
8281| [872] Apache Tomcat Multiple Default Accounts
8282| [862] Apache HTTP Server SSI Error Page XSS
8283| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
8284| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
8285| [845] Apache Tomcat MSDOS Device XSS
8286| [844] Apache Tomcat Java Servlet Error Page XSS
8287| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
8288| [838] Apache HTTP Server Chunked Encoding Remote Overflow
8289| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
8290| [775] Apache mod_python Module Importing Privilege Function Execution
8291| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
8292| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
8293| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
8294| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
8295| [637] Apache HTTP Server UserDir Directive Username Enumeration
8296| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
8297| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
8298| [562] Apache HTTP Server mod_info /server-info Information Disclosure
8299| [561] Apache Web Servers mod_status /server-status Information Disclosure
8300| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
8301| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
8302| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
8303| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
8304| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
8305| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
8306| [376] Apache Tomcat contextAdmin Arbitrary File Access
8307| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
8308| [222] Apache HTTP Server test-cgi Arbitrary File Access
8309| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
8310| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
8311|_
7162/tcp closed caistoragemgr
7163/tcp open http Apache httpd
8314|_http-server-header: Apache
8315| vulscan: VulDB - https://vuldb.com:
8316| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
8317| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
8318| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
8319| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
8320| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
8321| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
8322| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
8323| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
8324| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
8325| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
8326| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
8327| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
8328| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
8329| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
8330| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
8331| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
8332| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
8333| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
8334| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
8335| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
8336| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
8337| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
8338| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
8339| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
8340| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
8341| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
8342| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
8343| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
8344| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
8345| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
8346| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
8347| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
8348| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8349| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
8350| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
8351| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8352| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
8353| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
8354| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
8355| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
8356| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8357| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
8358| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
8359| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
8360| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
8361| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8362| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
8363| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
8364| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
8365| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8366| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
8367| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
8368| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
8369| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
8370| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
8371| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
8372| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
8373| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
8374| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
8375| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
8376| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
8377| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8378| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
8379| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
8380| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
8381| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8382| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
8383| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
8384| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
8385| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
8386| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
8387| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
8388| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
8389| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
8390| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
8391| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
8392| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
8393| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
8394| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
8395| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
8396| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
8397| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
8398| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
8399| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
8400| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
8401| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
8402| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
8403| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
8404| [136370] Apache Fineract up to 1.2.x sql injection
8405| [136369] Apache Fineract up to 1.2.x sql injection
8406| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
8407| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
8408| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
8409| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
8410| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
8411| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
8412| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
8413| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
8414| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
8415| [134416] Apache Sanselan 0.97-incubator Loop denial of service
8416| [134415] Apache Sanselan 0.97-incubator Hang denial of service
8417| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
8418| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
8419| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8420| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
8421| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
8422| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
8423| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
8424| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
8425| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
8426| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
8427| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
8428| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
8429| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
8430| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
8431| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
8432| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
8433| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
8434| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
8435| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
8436| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
8437| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
8438| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
8439| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
8440| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
8441| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
8442| [131859] Apache Hadoop up to 2.9.1 privilege escalation
8443| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
8444| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
8445| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
8446| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
8447| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
8448| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
8449| [130629] Apache Guacamole Cookie Flag weak encryption
8450| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
8451| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
8452| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
8453| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
8454| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
8455| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
8456| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
8457| [130123] Apache Airflow up to 1.8.2 information disclosure
8458| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
8459| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
8460| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
8461| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
8462| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8463| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8464| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
8465| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
8466| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
8467| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
8468| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
8469| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
8470| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
8471| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
8472| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
8473| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
8474| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
8475| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
8476| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8477| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
8478| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
8479| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
8480| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
8481| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
8482| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
8483| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
8484| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
8485| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
8486| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
8487| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
8488| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
8489| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
8490| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
8491| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
8492| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
8493| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
8494| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
8495| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
8496| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
8497| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
8498| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
8499| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
8500| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
8501| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
8502| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
8503| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
8504| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
8505| [127007] Apache Spark Request Code Execution
8506| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
8507| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
8508| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
8509| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
8510| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
8511| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
8512| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
8513| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
8514| [126346] Apache Tomcat Path privilege escalation
8515| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
8516| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
8517| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
8518| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
8519| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
8520| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
8521| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
8522| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
8523| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
8524| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
8525| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
8526| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
8527| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
8528| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
8529| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
8530| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
8531| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
8532| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
8533| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
8534| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
8535| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
8536| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
8537| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
8538| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
8539| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
8540| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
8541| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
8542| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
8543| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
8544| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
8545| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
8546| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
8547| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
8548| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
8549| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
8550| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
8551| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
8552| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
8553| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
8554| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
8555| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
8556| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
8557| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
8558| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
8559| [123197] Apache Sentry up to 2.0.0 privilege escalation
8560| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
8561| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
8562| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
8563| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
8564| [122800] Apache Spark 1.3.0 REST API weak authentication
8565| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
8566| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
8567| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
8568| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
8569| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
8570| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
8571| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
8572| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
8573| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
8574| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
8575| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
8576| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
8577| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
8578| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
8579| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
8580| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
8581| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
8582| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
8583| [121354] Apache CouchDB HTTP API Code Execution
8584| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
8585| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
8586| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
8587| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
8588| [120168] Apache CXF weak authentication
8589| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
8590| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
8591| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
8592| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
8593| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
8594| [119306] Apache MXNet Network Interface privilege escalation
8595| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
8596| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
8597| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
8598| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
8599| [118143] Apache NiFi activemq-client Library Deserialization denial of service
8600| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
8601| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
8602| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
8603| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
8604| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
8605| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
8606| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
8607| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
8608| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
8609| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
8610| [117115] Apache Tika up to 1.17 tika-server command injection
8611| [116929] Apache Fineract getReportType Parameter privilege escalation
8612| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
8613| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
8614| [116926] Apache Fineract REST Parameter privilege escalation
8615| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
8616| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
8617| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
8618| [115883] Apache Hive up to 2.3.2 privilege escalation
8619| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
8620| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
8621| [115518] Apache Ignite 2.3 Deserialization privilege escalation
8622| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
8623| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
8624| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
8625| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
8626| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
8627| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
8628| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
8629| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
8630| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
8631| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
8632| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
8633| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
8634| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
8635| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
8636| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
8637| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
8638| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
8639| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
8640| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
8641| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
8642| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
8643| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
8644| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
8645| [113895] Apache Geode up to 1.3.x Code Execution
8646| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
8647| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
8648| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
8649| [113747] Apache Tomcat Servlets privilege escalation
8650| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
8651| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
8652| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
8653| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
8654| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
8655| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8656| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
8657| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
8658| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
8659| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
8660| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
8661| [112885] Apache Allura up to 1.8.0 File information disclosure
8662| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
8663| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
8664| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
8665| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
8666| [112625] Apache POI up to 3.16 Loop denial of service
8667| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
8668| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
8669| [112339] Apache NiFi 1.5.0 Header privilege escalation
8670| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
8671| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
8672| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
8673| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
8674| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
8675| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
8676| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
8677| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
8678| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
8679| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
8680| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
8681| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
8682| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
8683| [112114] Oracle 9.1 Apache Log4j privilege escalation
8684| [112113] Oracle 9.1 Apache Log4j privilege escalation
8685| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
8686| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
8687| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
8688| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
8689| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
8690| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
8691| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
8692| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
8693| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
8694| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
8695| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
8696| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
8697| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
8698| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
8699| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
8700| [110701] Apache Fineract Query Parameter sql injection
8701| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
8702| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
8703| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
8704| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
8705| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
8706| [110106] Apache CXF Fediz Spring cross site request forgery
8707| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
8708| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
8709| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
8710| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
8711| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
8712| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
8713| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
8714| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
8715| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
8716| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
8717| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
8718| [108938] Apple macOS up to 10.13.1 apache denial of service
8719| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
8720| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
8721| [108935] Apple macOS up to 10.13.1 apache denial of service
8722| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
8723| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
8724| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
8725| [108931] Apple macOS up to 10.13.1 apache denial of service
8726| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
8727| [108929] Apple macOS up to 10.13.1 apache denial of service
8728| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
8729| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
8730| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
8731| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
8732| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
8733| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
8734| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
8735| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
8736| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
8737| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
8738| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
8739| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
8740| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
8741| [108782] Apache Xerces2 XML Service denial of service
8742| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
8743| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
8744| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
8745| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
8746| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
8747| [108629] Apache OFBiz up to 10.04.01 privilege escalation
8748| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
8749| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
8750| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
8751| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
8752| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
8753| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
8754| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
8755| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
8756| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
8757| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
9158| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9159| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9160| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9161| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9162| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
9163| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
9164| [77406] Apache Flex BlazeDS AMF Message XML External Entity
9165| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
9166| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
9167| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
9168| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
9169| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
9170| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
9171| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
9172| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
9173| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
9174| [76567] Apache Struts 2.3.20 unknown vulnerability
9175| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
9176| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
9177| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
9178| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
9179| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
9180| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
9181| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
9182| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
9183| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
9184| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
9185| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
9186| [74793] Apache Tomcat File Upload denial of service
9187| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
9188| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
9189| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
9190| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
9191| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
9192| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
9193| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
9194| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
9195| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
9196| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
9197| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
9198| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
9199| [74468] Apache Batik up to 1.6 denial of service
9200| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
9201| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
9202| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
9203| [74174] Apache WSS4J up to 2.0.0 privilege escalation
9204| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
9205| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
9206| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
9207| [73731] Apache XML Security unknown vulnerability
9208| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
9209| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
9210| [73593] Apache Traffic Server up to 5.1.0 denial of service
9211| [73511] Apache POI up to 3.10 Deadlock denial of service
9212| [73510] Apache Solr up to 4.3.0 cross site scripting
9213| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
9214| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
9215| [73173] Apache CloudStack Stack-Based unknown vulnerability
9216| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
9217| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
9218| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
9219| [72890] Apache Qpid 0.30 unknown vulnerability
9220| [72887] Apache Hive 0.13.0 File Permission privilege escalation
9221| [72878] Apache Cordova 3.5.0 cross site request forgery
9222| [72877] Apache Cordova 3.5.0 cross site request forgery
9223| [72876] Apache Cordova 3.5.0 cross site request forgery
9224| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
9225| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
9226| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
9227| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
9228| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9229| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
9230| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
9231| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
9232| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
9233| [71629] Apache Axis2/C spoofing
9234| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
9235| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
9236| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
9237| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
9238| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
9239| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
9240| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
9241| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
9242| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
9243| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
9244| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
9245| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
9246| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
9247| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
9248| [70809] Apache POI up to 3.11 Crash denial of service
9249| [70808] Apache POI up to 3.10 unknown vulnerability
9250| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
9251| [70749] Apache Axis up to 1.4 getCN spoofing
9252| [70701] Apache Traffic Server up to 3.3.5 denial of service
9253| [70700] Apache OFBiz up to 12.04.03 cross site scripting
9254| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
9255| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
9256| [70661] Apache Subversion up to 1.6.17 denial of service
9257| [70660] Apache Subversion up to 1.6.17 spoofing
9258| [70659] Apache Subversion up to 1.6.17 spoofing
9259| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
9260| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
9261| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
9262| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
9263| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
9264| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
9265| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
9266| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
9267| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
9268| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
9269| [69846] Apache HBase up to 0.94.8 information disclosure
9270| [69783] Apache CouchDB up to 1.2.0 memory corruption
9271| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
9272| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
9273| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
9274| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
9275| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
9276| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
9277| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
9278| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
9279| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
9280| [69431] Apache Archiva up to 1.3.6 cross site scripting
9281| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
9282| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
9283| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
9284| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
9285| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
9286| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
9287| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
9288| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
9289| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
9290| [66739] Apache Camel up to 2.12.2 unknown vulnerability
9291| [66738] Apache Camel up to 2.12.2 unknown vulnerability
9292| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
9293| [66695] Apache CouchDB up to 1.2.0 cross site scripting
9294| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
9295| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
9296| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
9297| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
9298| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
9299| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
9300| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
9301| [66356] Apache Wicket up to 6.8.0 information disclosure
9302| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
9303| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
9304| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9305| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
9306| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
9307| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9308| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
9309| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
9310| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
9311| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
9312| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
9313| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
9314| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
9315| [65668] Apache Solr 4.0.0 Updater denial of service
9316| [65665] Apache Solr up to 4.3.0 denial of service
9317| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
9318| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
9319| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
9320| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
9321| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
9322| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
9323| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
9324| [65410] Apache Struts 2.3.15.3 cross site scripting
9325| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
9326| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
9327| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
9328| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
9329| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
9330| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
9331| [65340] Apache Shindig 2.5.0 information disclosure
9332| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
9333| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
9334| [10826] Apache Struts 2 File privilege escalation
9335| [65204] Apache Camel up to 2.10.1 unknown vulnerability
9336| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
9337| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
9338| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
9339| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
9340| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
9341| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
9342| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
9343| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
9344| [64722] Apache XML Security for C++ Heap-based memory corruption
9345| [64719] Apache XML Security for C++ Heap-based memory corruption
9346| [64718] Apache XML Security for C++ verify denial of service
9347| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
9348| [64716] Apache XML Security for C++ spoofing
9349| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
9350| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
9351| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
9352| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
9353| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
9354| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
9355| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
9356| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
9357| [64485] Apache Struts up to 2.2.3.0 privilege escalation
9358| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
9359| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
9360| [64467] Apache Geronimo 3.0 memory corruption
9361| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
9362| [64457] Apache Struts up to 2.2.3.0 cross site scripting
9363| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
9364| [9184] Apache Qpid up to 0.20 SSL misconfiguration
9365| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
9366| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
9367| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
9368| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
9369| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
9370| [8873] Apache Struts 2.3.14 privilege escalation
9371| [8872] Apache Struts 2.3.14 privilege escalation
9372| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
9373| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
9374| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
9375| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
9376| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
9377| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9378| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
9379| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
9380| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
9381| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
9382| [64006] Apache ActiveMQ up to 5.7.0 denial of service
9383| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
9384| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
9385| [8427] Apache Tomcat Session Transaction weak authentication
9386| [63960] Apache Maven 3.0.4 Default Configuration spoofing
9387| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
9388| [63750] Apache qpid up to 0.20 checkAvailable denial of service
9389| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
9390| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
9391| [63747] Apache Rave up to 0.20 User Account information disclosure
9392| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
9393| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
9394| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
9395| [7687] Apache CXF up to 2.7.2 Token weak authentication
9396| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9397| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
9398| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
9399| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
9400| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
9401| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
9402| [63090] Apache Tomcat up to 4.1.24 denial of service
9403| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
9404| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
9405| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
9406| [62833] Apache CXF -/2.6.0 spoofing
9407| [62832] Apache Axis2 up to 1.6.2 spoofing
9408| [62831] Apache Axis up to 1.4 Java Message Service spoofing
9409| [62830] Apache Commons-httpclient 3.0 Payments spoofing
9410| [62826] Apache Libcloud up to 0.11.0 spoofing
9411| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
9412| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
9413| [62661] Apache Axis2 unknown vulnerability
9414| [62658] Apache Axis2 unknown vulnerability
9415| [62467] Apache Qpid up to 0.17 denial of service
9416| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
9417| [6301] Apache HTTP Server mod_pagespeed cross site scripting
9418| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
9419| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
9420| [62035] Apache Struts up to 2.3.4 denial of service
9421| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
9422| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
9423| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
9424| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
9425| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
9426| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
9427| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
9428| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
9429| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
9430| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
9431| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
9432| [61229] Apache Sling up to 2.1.1 denial of service
9433| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
9434| [61094] Apache Roller up to 5.0 cross site scripting
9435| [61093] Apache Roller up to 5.0 cross site request forgery
9436| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
9437| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
9438| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
9439| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
9440| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
9441| [60708] Apache Qpid 0.12 unknown vulnerability
9442| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
9443| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
9444| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
9445| [4882] Apache Wicket up to 1.5.4 directory traversal
9446| [4881] Apache Wicket up to 1.4.19 cross site scripting
9447| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
9448| [60352] Apache Struts up to 2.2.3 memory corruption
9449| [60153] Apache Portable Runtime up to 1.4.3 denial of service
9450| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
9451| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
9452| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
9453| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
9454| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
9455| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
9456| [4571] Apache Struts up to 2.3.1.2 privilege escalation
9457| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
9458| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
9459| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
9460| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
9461| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
9462| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
9463| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
9464| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
9465| [59888] Apache Tomcat up to 6.0.6 denial of service
9466| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
9467| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
9468| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
9469| [59850] Apache Geronimo up to 2.2.1 denial of service
9470| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
9471| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
9472| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
9473| [58413] Apache Tomcat up to 6.0.10 spoofing
9474| [58381] Apache Wicket up to 1.4.17 cross site scripting
9475| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
9476| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
9477| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
9478| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
9479| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9480| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
9481| [57568] Apache Archiva up to 1.3.4 cross site scripting
9482| [57567] Apache Archiva up to 1.3.4 cross site request forgery
9483| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
9484| [4355] Apache HTTP Server APR apr_fnmatch denial of service
9485| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
9486| [57425] Apache Struts up to 2.2.1.1 cross site scripting
9487| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
9488| [57025] Apache Tomcat up to 7.0.11 information disclosure
9489| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
9490| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
9491| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
9492| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
9493| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
9494| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
9495| [56512] Apache Continuum up to 1.4.0 cross site scripting
9496| [4285] Apache Tomcat 5.x JVM getLocale denial of service
9497| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
9498| [4283] Apache Tomcat 5.x ServletContect privilege escalation
9499| [56441] Apache Tomcat up to 7.0.6 denial of service
9500| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
9501| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
9502| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
9503| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
9504| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
9505| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
9506| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
9507| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
9508| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
9509| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
9510| [54693] Apache Traffic Server DNS Cache unknown vulnerability
9511| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
9512| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
9513| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
9514| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
9515| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
9516| [54012] Apache Tomcat up to 6.0.10 denial of service
9517| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
9518| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
9519| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
9520| [52894] Apache Tomcat up to 6.0.7 information disclosure
9521| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
9522| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
9523| [52786] Apache Open For Business Project up to 09.04 cross site scripting
9524| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
9525| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
9526| [52584] Apache CouchDB up to 0.10.1 information disclosure
9527| [51757] Apache HTTP Server 2.0.44 cross site scripting
9528| [51756] Apache HTTP Server 2.0.44 spoofing
9529| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
9530| [51690] Apache Tomcat up to 6.0 directory traversal
9531| [51689] Apache Tomcat up to 6.0 information disclosure
9532| [51688] Apache Tomcat up to 6.0 directory traversal
9533| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
9534| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
9535| [50626] Apache Solr 1.0.0 cross site scripting
9536| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
9537| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
9538| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
9539| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
9540| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
9541| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
9542| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
9543| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
9544| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
9545| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
9546| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
9547| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
9548| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
9549| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
9550| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
9551| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
9552| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
9553| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
9554| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
9555| [47214] Apachefriends xampp 1.6.8 spoofing
9556| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
9557| [47162] Apachefriends XAMPP 1.4.4 weak authentication
9558| [47065] Apache Tomcat 4.1.23 cross site scripting
9559| [46834] Apache Tomcat up to 5.5.20 cross site scripting
9560| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
9561| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
9562| [86625] Apache Struts directory traversal
9563| [44461] Apache Tomcat up to 5.5.0 information disclosure
9564| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
9565| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
9566| [43663] Apache Tomcat up to 6.0.16 directory traversal
9567| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
9568| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
9569| [43516] Apache Tomcat up to 4.1.20 directory traversal
9570| [43509] Apache Tomcat up to 6.0.13 cross site scripting
9571| [42637] Apache Tomcat up to 6.0.16 cross site scripting
9572| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
9573| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
9574| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
9575| [40924] Apache Tomcat up to 6.0.15 information disclosure
9576| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
9577| [40922] Apache Tomcat up to 6.0 information disclosure
9578| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
9579| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
9580| [40656] Apache Tomcat 5.5.20 information disclosure
9581| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
9582| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
9583| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
9584| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
9585| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
9586| [40234] Apache Tomcat up to 6.0.15 directory traversal
9587| [40221] Apache HTTP Server 2.2.6 information disclosure
9588| [40027] David Castro Apache Authcas 0.4 sql injection
9589| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
9590| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
9591| [3414] Apache Tomcat WebDAV Stored privilege escalation
9592| [39489] Apache Jakarta Slide up to 2.1 directory traversal
9593| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
9594| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
9595| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
9596| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
9597| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
9598| [38524] Apache Geronimo 2.0 unknown vulnerability
9599| [3256] Apache Tomcat up to 6.0.13 cross site scripting
9600| [38331] Apache Tomcat 4.1.24 information disclosure
9601| [38330] Apache Tomcat 4.1.24 information disclosure
9602| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
9603| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
9604| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
9605| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
9606| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
9607| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
9608| [37292] Apache Tomcat up to 5.5.1 cross site scripting
9609| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
9610| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
9611| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
9612| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
9613| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
9614| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
9615| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
9616| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
9617| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
9618| [36225] XAMPP Apache Distribution 1.6.0a sql injection
9619| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
9620| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
9621| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
9622| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
9623| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
9624| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
9625| [34252] Apache HTTP Server denial of service
9626| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
9627| [33877] Apache Opentaps 0.9.3 cross site scripting
9628| [33876] Apache Open For Business Project unknown vulnerability
9629| [33875] Apache Open For Business Project cross site scripting
9630| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
9631| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
9632|
9633| MITRE CVE - https://cve.mitre.org:
9634| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
9635| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
9636| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
9637| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
9638| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
9639| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
9640| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
9641| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
9642| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
9643| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
9644| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
9645| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
9646| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
9647| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
9648| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
9649| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
9650| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
9651| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
9652| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
9653| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
9654| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
9655| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
9656| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
9657| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
9658| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
9659| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
9660| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
9661| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
9662| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
9663| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
9664| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9665| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
9666| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
9667| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
9668| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
9669| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
9670| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
9671| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
9672| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
9673| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
9674| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
9675| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9676| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9677| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9678| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
9679| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
9680| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
9681| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
9682| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
9683| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
9684| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
9685| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
9686| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
9687| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
9688| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
9689| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
9690| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
9691| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
9692| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
9693| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
9694| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
9695| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
9696| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
9697| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
9698| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9699| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
9700| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
9701| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
9702| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
9703| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
9704| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
9705| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
9706| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
9707| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
9708| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
9709| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
9710| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
9711| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
9712| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
9713| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
9714| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
9715| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
9716| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
9717| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
9904| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
9905| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
9906| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
9907| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
9908| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
9909| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
9910| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
9911| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
9912| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
9913| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
9914| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
9915| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
9916| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
9917| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
9918| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
9919| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
9920| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
9921| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
9922| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
9923| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
9924| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
9925| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
9926| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
9927| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9928| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
9929| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
9930| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
9931| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
9932| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
9933| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
9934| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
9935| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
9936| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
9937| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
9938| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
9939| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9940| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9941| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
9942| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
9943| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
9944| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
9945| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
9946| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
9947| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
9948| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
9949| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
9950| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
9951| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
9952| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
9953| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9954| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
9955| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
9956| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
9957| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
9958| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
9959| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
9960| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
9961| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
9962| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
9963| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
9964| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
9965| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
9966| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
9967| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
9968| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
9969| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
9970| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
9971| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
9972| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
9973| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
9974| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
9975| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
9976| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
9977| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
9978| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
9979| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
9980| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
9981| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9982| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
9983| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
9984| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
9985| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
9986| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9987| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
9988| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
9989| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
9990| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
9991| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
9992| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
9993| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
9994| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
9995| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
9996| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
9997| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
9998| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
9999| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10000| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10001| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10002| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10003| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10004| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10005| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10006| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10007| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10008| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10009| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10010| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
10011| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10012| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10013| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10014| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10015| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10016| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10017| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10018| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10019| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10020| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10021| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10022| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10023| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10024| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10025| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10026| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10027| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10028| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10029| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10030| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10031| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10032| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10033| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10034| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10035| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10036| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10037| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10038| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10039| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10040| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10041| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10042| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10043| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10044| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10045| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10046| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10047| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10048| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10049| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10050| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10051| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10052| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10053| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10054| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10055| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
10056| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10057| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10058| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10059| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10060| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10061| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10062| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
10063| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
10064| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
10065| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
10066| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
10067| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
10068| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
10069| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
10070| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
10071| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
10072| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
10073| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
10074| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
10075| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
10076| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10077| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10078| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10079| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
10080| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
10081| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
10082| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
10083| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
10084| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
10085| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
10086| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
10087| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
10088| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
10089| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
10090| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
10091| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
10092| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
10093| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
10094| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10095| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10096| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
10097| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
10098| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10099| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
10100| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
10101| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
10102| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
10103| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
10104| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
10105| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
10106| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
10107| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
10108| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
10109| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
10110| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
10111| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
10112| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
10113| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10114| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
10115| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
10116| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
10117| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
10118| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
10119| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10120| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
10121| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10122| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10123| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
10124| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
10125| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
10126| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
10127| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
10128| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
10129| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
10130| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
10131| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
10132| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
10133| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
10134| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
10135| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
10136| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
10137| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
10138| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
10139| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
10140| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
10141| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
10142| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
10143| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
10144| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
10145| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
10146| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
10147| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
10148| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
10149| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
10150| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
10151| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
10152| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
10153| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
10154| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
10155| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
10156| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
10157| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
10158| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
10159| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
10160| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
10161| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
10162| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
10163| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
10164| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
10165| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
10166| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
10167| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
10168| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10169| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
10170| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
10171| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
10172| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
10173| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
10174| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
10175| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
10176| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
10177| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
10178| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
10179| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
10180| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
10181| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
10182| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
10183| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
10184| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
10185| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
10186| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
10187| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
10188| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
10189| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
10190| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
10191| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
10192| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
10193| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
10194| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
10195| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
10196| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
10197| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
10198| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
10199| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
10200| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
10201| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
10202| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
10203| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
10204| [CVE-2001-1013] Apache on Red Hat Linux with with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
10205| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
10206| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
10207| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
10208| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10209| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10210| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
10211| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
10212| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
10213| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
10214| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
10215| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
10216| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
10217| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10218| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
10219| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
10220| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
10221| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
10222| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10223| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
10224| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
10225| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
10226| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
10227| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
10228| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
10229| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
10230| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10231| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
10232| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
10233| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
10234| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
10235| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
10236| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
10237| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
10238| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
10239| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
10240| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
10241| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
10242| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
10243|
10244| SecurityFocus - https://www.securityfocus.com/bid/:
10245| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
10246| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
10247| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
10248| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
10249| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
10250| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
10251| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
10252| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
10253| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
10254| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
10255| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
10256| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
10257| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
10258| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
10259| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
10260| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
10261| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
10262| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
10263| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
10264| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
10265| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
10266| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
10267| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
10268| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
10269| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
10270| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
10271| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
10272| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
10273| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
10274| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
10275| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
10276| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
10277| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
10278| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
10279| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
10280| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
10281| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
10282| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
10283| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
10284| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
10285| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
10286| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
10287| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
10288| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
10289| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
10290| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
10291| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
10292| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
10293| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
10294| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
10295| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
10296| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
10297| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
10298| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
10299| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
10300| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
10301| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
10302| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
10303| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
10304| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
10305| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
10306| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
10307| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
10308| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
10309| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
10310| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
10311| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
10312| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
10313| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
10314| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
10315| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
10316| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
10317| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
10318| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
10319| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
10320| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
10321| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
10322| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
10323| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
10324| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
10325| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
10326| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
10327| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
10328| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
10329| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
10330| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
10331| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
10332| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
10333| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
10334| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
10335| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
10336| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
10337| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
10338| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
10339| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
10340| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
10341| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
10342| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
10343| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
10344| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
10345| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
10346| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
10347| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
10348| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
10349| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
10350| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
10351| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
10352| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
10353| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
10354| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
10355| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
10356| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
10357| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
10358| [100447] Apache2Triad Multiple Security Vulnerabilities
10359| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
10360| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
10361| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
10362| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
10363| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
10364| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
10365| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
10366| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
10367| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
10368| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
10369| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
10370| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
10371| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
10372| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
10373| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
10374| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
10375| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
10376| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
10377| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
10378| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
10379| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
10380| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
10381| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
10382| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
10383| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
10384| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
10385| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
10386| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
10387| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
10388| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
10389| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
10390| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
10391| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
10392| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
10393| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
10394| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
10395| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
10396| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
10397| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
10398| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
10399| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
10400| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
10401| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
10402| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
10403| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
10404| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
10405| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
10406| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
10407| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
10408| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
10409| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
10410| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
10411| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
10412| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
10413| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
10414| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
10415| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
10416| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
10417| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
10418| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
10419| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
10420| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
10421| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
10422| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
10423| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
10424| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
10425| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
10426| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
10427| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
10428| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
10429| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
10430| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
10431| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
10432| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
10433| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
10434| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
10435| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
10436| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
10437| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
10438| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
10439| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
10440| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
10441| [95675] Apache Struts Remote Code Execution Vulnerability
10442| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
10443| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
10444| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
10445| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
10446| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
10447| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
10448| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
10449| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
10450| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
10451| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
10452| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
10453| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
10454| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
10455| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
10456| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
10457| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
10458| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
10459| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
10460| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
10461| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
10462| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
10463| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
10464| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
10465| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
10466| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
10467| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
10468| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
10469| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
10470| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
10471| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
10472| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
10473| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
10474| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
10475| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
10476| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
10477| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
10478| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
10479| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
10480| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
10481| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
10482| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
10483| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
10484| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
10485| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
10486| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
10487| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
10488| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
10489| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
10490| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
10491| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
10492| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
10493| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
10494| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
10495| [91736] Apache XML-RPC Multiple Security Vulnerabilities
10496| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
10497| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
10498| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
10499| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
10500| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
10501| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
10502| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
10503| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
10504| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
10505| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
10506| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
10507| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
10508| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
10509| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
10510| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
10511| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
10512| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
10513| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
10514| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
10515| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
10516| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
10517| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
10518| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
10519| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
10520| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
10521| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
10522| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
10523| [90482] Apache CVE-2004-1387 Local Security Vulnerability
10524| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
10525| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
10526| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
10527| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
10528| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
10529| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
10530| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
10531| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
10532| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
10533| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
10534| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
10535| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
10536| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
10537| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
10538| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
10539| [86399] Apache CVE-2007-1743 Local Security Vulnerability
10540| [86397] Apache CVE-2007-1742 Local Security Vulnerability
10541| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
10542| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
10543| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
10544| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
10545| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
10546| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
10547| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
10548| [85755] Apache Jetspeed CVE-2016-0711 Multiple HTML Injection Vulnerabilities
10549| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
10550| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
10551| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
10552| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
10553| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
10554| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
10555| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
10556| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
10557| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
10558| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
10559| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
10560| [85203] Apache Solr CVE-2015-8795 Multiple HTML Injection Vulnerabilities
10561| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
10562| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
10563| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
10564| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
10986| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
10987| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
10988| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
10989| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10990| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
10991| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
10992| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10993| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
10994| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
10995| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
10996| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
10997| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
10998| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
10999| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
11000| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11001| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
11002| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
11003| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
11004| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
11005| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
11006| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
11007| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
11008| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
11009| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
11010| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11011| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
11012| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11013| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
11014| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11015| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
11016| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
11017| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11018| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11019| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
11020| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
11021| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
11022| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
11023| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
11024| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
11025| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
11026| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
11027| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
11028| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11029| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
11030| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
11031| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
11032| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
11033| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
11034| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
11035| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
11036| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
11037| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
11038| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
11039| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
11040| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
11041| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
11042| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11043| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
11044| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
11045| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
11046| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11047| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
11048| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
11049| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
11050| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
11051| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
11052| [20527] Apache Mod_TCL Remote Format String Vulnerability
11053| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
11054| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
11055| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
11056| [19106] Apache Tomcat Information Disclosure Vulnerability
11057| [18138] Apache James SMTP Denial Of Service Vulnerability
11058| [17342] Apache Struts Multiple Remote Vulnerabilities
11059| [17095] Apache Log4Net Denial Of Service Vulnerability
11060| [16916] Apache mod_python FileSession Code Execution Vulnerability
11061| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
11062| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
11063| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
11064| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
11065| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
11066| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
11067| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
11068| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
11069| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
11070| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
11071| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
11072| [15177] PHP Apache 2 Local Denial of Service Vulnerability
11073| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
11074| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
11075| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
11076| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11077| [14106] Apache HTTP Request Smuggling Vulnerability
11078| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
11079| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
11080| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
11081| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
11082| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
11083| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
11084| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
11085| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
11086| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
11087| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
11088| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
11089| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
11090| [11471] Apache mod_include Local Buffer Overflow Vulnerability
11091| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
11092| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
11093| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
11094| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
11095| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11096| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
11097| [11094] Apache mod_ssl Denial Of Service Vulnerability
11098| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
11099| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11100| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11101| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11102| [10478] ClueCentral Apache Suexec Patch Security Weakness
11103| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11104| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11105| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11106| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11107| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11108| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11109| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11110| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11111| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11112| [9733] Apache Cygwin Directory Traversal Vulnerability
11113| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11114| [9590] Apache-SSL Client Certificate Forging Vulnerability
11115| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11116| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11117| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11118| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11119| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11120| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11121| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11122| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11123| [8898] Red Hat Apache Directory Index Default Configuration Error
11124| [8883] Apache Cocoon Directory Traversal Vulnerability
11125| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11126| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11127| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11128| [8707] Apache htpasswd Password Entropy Weakness
11129| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11130| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11131| [8226] Apache HTTP Server Multiple Vulnerabilities
11132| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11133| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11134| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11135| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
11136| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
11137| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
11138| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
11139| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
11140| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
11141| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
11142| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
11143| [7255] Apache Web Server File Descriptor Leakage Vulnerability
11144| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11145| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
11146| [6939] Apache Web Server ETag Header Information Disclosure Weakness
11147| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
11148| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
11149| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
11150| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
11151| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
11152| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
11153| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
11154| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
11155| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
11156| [6117] Apache mod_php File Descriptor Leakage Vulnerability
11157| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
11158| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
11159| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
11160| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
11161| [5992] Apache HTDigest Insecure Temporary File Vulnerability
11162| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
11163| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
11164| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
11165| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
11166| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
11167| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11168| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
11169| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
11170| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
11171| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
11172| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11173| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
11174| [5485] Apache 2.0 Path Disclosure Vulnerability
11175| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11176| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
11177| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
11178| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
11179| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
11180| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
11181| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
11182| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
11183| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
11184| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
11185| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
11186| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
11187| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
11188| [4437] Apache Error Message Cross-Site Scripting Vulnerability
11189| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
11190| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
11191| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
11192| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
11193| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
11194| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
11195| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
11196| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
11197| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
11198| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
11199| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
11200| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
11201| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
11202| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
11203| [3596] Apache Split-Logfile File Append Vulnerability
11204| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
11205| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
11206| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
11207| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
11208| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
11209| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
11210| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
11211| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
11212| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
11213| [3169] Apache Server Address Disclosure Vulnerability
11214| [3009] Apache Possible Directory Index Disclosure Vulnerability
11215| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
11216| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
11217| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
11218| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
11219| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
11220| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
11221| [2216] Apache Web Server DoS Vulnerability
11222| [2182] Apache /tmp File Race Vulnerability
11223| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
11224| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
11225| [1821] Apache mod_cookies Buffer Overflow Vulnerability
11226| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
11227| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
11228| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
11229| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
11230| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
11231| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
11232| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
11233| [1457] Apache::ASP source.asp Example Script Vulnerability
11234| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
11235| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
11236|
11237| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11238| [86258] Apache CloudStack text fields cross-site scripting
11239| [85983] Apache Subversion mod_dav_svn module denial of service
11240| [85875] Apache OFBiz UEL code execution
11241| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
11242| [85871] Apache HTTP Server mod_session_dbd unspecified
11243| [85756] Apache Struts OGNL expression command execution
11244| [85755] Apache Struts DefaultActionMapper class open redirect
11245| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
11246| [85574] Apache HTTP Server mod_dav denial of service
11247| [85573] Apache Struts Showcase App OGNL code execution
11248| [85496] Apache CXF denial of service
11249| [85423] Apache Geronimo RMI classloader code execution
11250| [85326] Apache Santuario XML Security for C++ buffer overflow
11251| [85323] Apache Santuario XML Security for Java spoofing
11252| [85319] Apache Qpid Python client SSL spoofing
11253| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
11254| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
11255| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
11256| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
11257| [84952] Apache Tomcat CVE-2012-3544 denial of service
11258| [84763] Apache Struts CVE-2013-2135 security bypass
11259| [84762] Apache Struts CVE-2013-2134 security bypass
11260| [84719] Apache Subversion CVE-2013-2088 command execution
11261| [84718] Apache Subversion CVE-2013-2112 denial of service
11262| [84717] Apache Subversion CVE-2013-1968 denial of service
11263| [84577] Apache Tomcat security bypass
11264| [84576] Apache Tomcat symlink
11265| [84543] Apache Struts CVE-2013-2115 security bypass
11266| [84542] Apache Struts CVE-2013-1966 security bypass
11267| [84154] Apache Tomcat session hijacking
11268| [84144] Apache Tomcat denial of service
11269| [84143] Apache Tomcat information disclosure
11270| [84111] Apache HTTP Server command execution
11271| [84043] Apache Virtual Computing Lab cross-site scripting
11272| [84042] Apache Virtual Computing Lab cross-site scripting
11273| [83782] Apache CloudStack information disclosure
11274| [83781] Apache CloudStack security bypass
11275| [83720] Apache ActiveMQ cross-site scripting
11276| [83719] Apache ActiveMQ denial of service
11277| [83718] Apache ActiveMQ denial of service
11278| [83263] Apache Subversion denial of service
11279| [83262] Apache Subversion denial of service
11280| [83261] Apache Subversion denial of service
11281| [83259] Apache Subversion denial of service
11282| [83035] Apache mod_ruid2 security bypass
11283| [82852] Apache Qpid federation_tag security bypass
11284| [82851] Apache Qpid qpid::framing::Buffer denial of service
11285| [82758] Apache Rave User RPC API information disclosure
11286| [82663] Apache Subversion svn_fs_file_length() denial of service
11287| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
11288| [82641] Apache Qpid AMQP denial of service
11289| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
11290| [82618] Apache Commons FileUpload symlink
11291| [82360] Apache HTTP Server manager interface cross-site scripting
11292| [82359] Apache HTTP Server hostnames cross-site scripting
11293| [82338] Apache Tomcat log/logdir information disclosure
11294| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
11295| [82268] Apache OpenJPA deserialization command execution
11296| [81981] Apache CXF UsernameTokens security bypass
11297| [81980] Apache CXF WS-Security security bypass
11298| [81398] Apache OFBiz cross-site scripting
11299| [81240] Apache CouchDB directory traversal
11300| [81226] Apache CouchDB JSONP code execution
11301| [81225] Apache CouchDB Futon user interface cross-site scripting
11302| [81211] Apache Axis2/C SSL spoofing
11303| [81167] Apache CloudStack DeployVM information disclosure
11304| [81166] Apache CloudStack AddHost API information disclosure
11305| [81165] Apache CloudStack createSSHKeyPair API information disclosure
11306| [80518] Apache Tomcat cross-site request forgery security bypass
11307| [80517] Apache Tomcat FormAuthenticator security bypass
11308| [80516] Apache Tomcat NIO denial of service
11309| [80408] Apache Tomcat replay-countermeasure security bypass
11310| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
11311| [80317] Apache Tomcat slowloris denial of service
11312| [79984] Apache Commons HttpClient SSL spoofing
11313| [79983] Apache CXF SSL spoofing
11314| [79830] Apache Axis2/Java SSL spoofing
11315| [79829] Apache Axis SSL spoofing
11316| [79809] Apache Tomcat DIGEST security bypass
11317| [79806] Apache Tomcat parseHeaders() denial of service
11318| [79540] Apache OFBiz unspecified
11319| [79487] Apache Axis2 SAML security bypass
11320| [79212] Apache Cloudstack code execution
11321| [78734] Apache CXF SOAP Action security bypass
11322| [78730] Apache Qpid broker denial of service
11323| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
11324| [78563] Apache mod_pagespeed module unspecified cross-site scripting
11325| [78562] Apache mod_pagespeed module security bypass
11326| [78454] Apache Axis2 security bypass
11327| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
11328| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
11329| [78321] Apache Wicket unspecified cross-site scripting
11330| [78183] Apache Struts parameters denial of service
11331| [78182] Apache Struts cross-site request forgery
11332| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
11333| [77987] mod_rpaf module for Apache denial of service
11334| [77958] Apache Struts skill name code execution
11335| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
11336| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
11337| [77568] Apache Qpid broker security bypass
11338| [77421] Apache Libcloud spoofing
11339| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
11340| [77046] Oracle Solaris Apache HTTP Server information disclosure
11341| [76837] Apache Hadoop information disclosure
11342| [76802] Apache Sling CopyFrom denial of service
11343| [76692] Apache Hadoop symlink
11344| [76535] Apache Roller console cross-site request forgery
11345| [76534] Apache Roller weblog cross-site scripting
11346| [76152] Apache CXF elements security bypass
11347| [76151] Apache CXF child policies security bypass
11348| [75983] MapServer for Windows Apache file include
11349| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
11350| [75558] Apache POI denial of service
11351| [75545] PHP apache_request_headers() buffer overflow
11352| [75302] Apache Qpid SASL security bypass
11353| [75211] Debian GNU/Linux apache 2 cross-site scripting
11354| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
11355| [74871] Apache OFBiz FlexibleStringExpander code execution
11356| [74870] Apache OFBiz multiple cross-site scripting
11357| [74750] Apache Hadoop unspecified spoofing
11358| [74319] Apache Struts XSLTResult.java file upload
11359| [74313] Apache Traffic Server header buffer overflow
11360| [74276] Apache Wicket directory traversal
11361| [74273] Apache Wicket unspecified cross-site scripting
11362| [74181] Apache HTTP Server mod_fcgid module denial of service
11363| [73690] Apache Struts OGNL code execution
11364| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
11365| [73100] Apache MyFaces in directory traversal
11366| [73096] Apache APR hash denial of service
11367| [73052] Apache Struts name cross-site scripting
11368| [73030] Apache CXF UsernameToken security bypass
11369| [72888] Apache Struts lastName cross-site scripting
11370| [72758] Apache HTTP Server httpOnly information disclosure
11371| [72757] Apache HTTP Server MPM denial of service
11372| [72585] Apache Struts ParameterInterceptor security bypass
11373| [72438] Apache Tomcat Digest security bypass
11374| [72437] Apache Tomcat Digest security bypass
11375| [72436] Apache Tomcat DIGEST security bypass
11376| [72425] Apache Tomcat parameter denial of service
11377| [72422] Apache Tomcat request object information disclosure
11378| [72377] Apache HTTP Server scoreboard security bypass
11379| [72345] Apache HTTP Server HTTP request denial of service
11380| [72229] Apache Struts ExceptionDelegator command execution
11381| [72089] Apache Struts ParameterInterceptor directory traversal
11382| [72088] Apache Struts CookieInterceptor command execution
11383| [72047] Apache Geronimo hash denial of service
11384| [72016] Apache Tomcat hash denial of service
11385| [71711] Apache Struts OGNL expression code execution
11386| [71654] Apache Struts interfaces security bypass
11387| [71620] Apache ActiveMQ failover denial of service
11388| [71617] Apache HTTP Server mod_proxy module information disclosure
11389| [71508] Apache MyFaces EL security bypass
11390| [71445] Apache HTTP Server mod_proxy security bypass
11391| [71203] Apache Tomcat servlets privilege escalation
11392| [71181] Apache HTTP Server ap_pregsub() denial of service
11393| [71093] Apache HTTP Server ap_pregsub() buffer overflow
11394| [70336] Apache HTTP Server mod_proxy information disclosure
11395| [69804] Apache HTTP Server mod_proxy_ajp denial of service
11396| [69472] Apache Tomcat AJP security bypass
11397| [69396] Apache HTTP Server ByteRange filter denial of service
11398| [69394] Apache Wicket multi window support cross-site scripting
11399| [69176] Apache Tomcat XML information disclosure
11400| [69161] Apache Tomcat jsvc information disclosure
11401| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
11402| [68541] Apache Tomcat sendfile information disclosure
11403| [68420] Apache XML Security denial of service
11404| [68238] Apache Tomcat JMX information disclosure
11405| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
11406| [67804] Apache Subversion control rules information disclosure
11407| [67803] Apache Subversion control rules denial of service
11408| [67802] Apache Subversion baselined denial of service
11409| [67672] Apache Archiva multiple cross-site scripting
11410| [67671] Apache Archiva multiple cross-site request forgery
11411| [67564] Apache APR apr_fnmatch() denial of service
11412| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
11413| [67515] Apache Tomcat annotations security bypass
11414| [67480] Apache Struts s:submit information disclosure
11415| [67414] Apache APR apr_fnmatch() denial of service
11416| [67356] Apache Struts javatemplates cross-site scripting
11417| [67354] Apache Struts Xwork cross-site scripting
11418| [66676] Apache Tomcat HTTP BIO information disclosure
11419| [66675] Apache Tomcat web.xml security bypass
11420| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
11421| [66241] Apache HttpComponents information disclosure
11422| [66154] Apache Tomcat ServletSecurity security bypass
11423| [65971] Apache Tomcat ServletSecurity security bypass
11424| [65876] Apache Subversion mod_dav_svn denial of service
11425| [65343] Apache Continuum unspecified cross-site scripting
11426| [65162] Apache Tomcat NIO connector denial of service
11427| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
11428| [65160] Apache Tomcat HTML Manager interface cross-site scripting
11429| [65159] Apache Tomcat ServletContect security bypass
11430| [65050] Apache CouchDB web-based administration UI cross-site scripting
11431| [64773] Oracle HTTP Server Apache Plugin unauthorized access
11432| [64473] Apache Subversion blame -g denial of service
11433| [64472] Apache Subversion walk() denial of service
11434| [64407] Apache Axis2 CVE-2010-0219 code execution
11435| [63926] Apache Archiva password privilege escalation
11436| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
11437| [63493] Apache Archiva credentials cross-site request forgery
11438| [63477] Apache Tomcat HttpOnly session hijacking
11439| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
11440| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
11441| [62959] Apache Shiro filters security bypass
11442| [62790] Apache Perl cgi module denial of service
11443| [62576] Apache Qpid exchange denial of service
11444| [62575] Apache Qpid AMQP denial of service
11445| [62354] Apache Qpid SSL denial of service
11446| [62235] Apache APR-util apr_brigade_split_line() denial of service
11447| [62181] Apache XML-RPC SAX Parser information disclosure
11448| [61721] Apache Traffic Server cache poisoning
11449| [61202] Apache Derby BUILTIN authentication functionality information disclosure
11450| [61186] Apache CouchDB Futon cross-site request forgery
11451| [61169] Apache CXF DTD denial of service
11452| [61070] Apache Jackrabbit search.jsp SQL injection
11453| [61006] Apache SLMS Quoting cross-site request forgery
11454| [60962] Apache Tomcat time cross-site scripting
11455| [60883] Apache mod_proxy_http information disclosure
11456| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
11457| [60264] Apache Tomcat Transfer-Encoding denial of service
11458| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
11459| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
11460| [59413] Apache mod_proxy_http timeout information disclosure
11461| [59058] Apache MyFaces unencrypted view state cross-site scripting
11462| [58827] Apache Axis2 xsd file include
11463| [58790] Apache Axis2 modules cross-site scripting
11464| [58299] Apache ActiveMQ queueBrowse cross-site scripting
11465| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
11466| [58056] Apache ActiveMQ .jsp source code disclosure
11467| [58055] Apache Tomcat realm name information disclosure
11468| [58046] Apache HTTP Server mod_auth_shadow security bypass
11469| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
11470| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
11471| [57429] Apache CouchDB algorithms information disclosure
11472| [57398] Apache ActiveMQ Web console cross-site request forgery
11473| [57397] Apache ActiveMQ createDestination.action cross-site scripting
11474| [56653] Apache HTTP Server DNS spoofing
11475| [56652] Apache HTTP Server DNS cross-site scripting
11476| [56625] Apache HTTP Server request header information disclosure
11477| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
11478| [56623] Apache HTTP Server mod_proxy_ajp denial of service
11479| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
11480| [55857] Apache Tomcat WAR files directory traversal
11481| [55856] Apache Tomcat autoDeploy attribute security bypass
11482| [55855] Apache Tomcat WAR directory traversal
11483| [55210] Intuit component for Joomla! Apache information disclosure
11484| [54533] Apache Tomcat 404 error page cross-site scripting
11485| [54182] Apache Tomcat admin default password
11486| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
11487| [53666] Apache HTTP Server Solaris pollset support denial of service
11488| [53650] Apache HTTP Server HTTP basic-auth module security bypass
11489| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
11490| [53041] mod_proxy_ftp module for Apache denial of service
11491| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
11492| [51953] Apache Tomcat Path Disclosure
11493| [51952] Apache Tomcat Path Traversal
11494| [51951] Apache stronghold-status Information Disclosure
11495| [51950] Apache stronghold-info Information Disclosure
11496| [51949] Apache PHP Source Code Disclosure
11497| [51948] Apache Multiviews Attack
11498| [51946] Apache JServ Environment Status Information Disclosure
11499| [51945] Apache error_log Information Disclosure
11500| [51944] Apache Default Installation Page Pattern Found
11501| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
11502| [51942] Apache AXIS XML External Entity File Retrieval
11503| [51941] Apache AXIS Sample Servlet Information Leak
11504| [51940] Apache access_log Information Disclosure
11505| [51626] Apache mod_deflate denial of service
11506| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
11507| [51365] Apache Tomcat RequestDispatcher security bypass
11508| [51273] Apache HTTP Server Incomplete Request denial of service
11509| [51195] Apache Tomcat XML information disclosure
11510| [50994] Apache APR-util xml/apr_xml.c denial of service
11511| [50993] Apache APR-util apr_brigade_vprintf denial of service
11512| [50964] Apache APR-util apr_strmatch_precompile() denial of service
11513| [50930] Apache Tomcat j_security_check information disclosure
11514| [50928] Apache Tomcat AJP denial of service
11515| [50884] Apache HTTP Server XML ENTITY denial of service
11516| [50808] Apache HTTP Server AllowOverride privilege escalation
11517| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
11518| [50059] Apache mod_proxy_ajp information disclosure
11519| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
11520| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
11521| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
11522| [49921] Apache ActiveMQ Web interface cross-site scripting
11523| [49898] Apache Geronimo Services/Repository directory traversal
11524| [49725] Apache Tomcat mod_jk module information disclosure
11525| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
11526| [49712] Apache Struts unspecified cross-site scripting
11527| [49213] Apache Tomcat cal2.jsp cross-site scripting
11528| [48934] Apache Tomcat POST doRead method information disclosure
11529| [48211] Apache Tomcat header HTTP request smuggling
11530| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
11531| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
11532| [47709] Apache Roller "
11533| [47104] Novell Netware ApacheAdmin console security bypass
11534| [47086] Apache HTTP Server OS fingerprinting unspecified
11535| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
11536| [45791] Apache Tomcat RemoteFilterValve security bypass
11537| [44435] Oracle WebLogic Apache Connector buffer overflow
11538| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
11539| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
11540| [44156] Apache Tomcat RequestDispatcher directory traversal
11541| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
11542| [43885] Oracle WebLogic Server Apache Connector buffer overflow
11543| [42987] Apache HTTP Server mod_proxy module denial of service
11544| [42915] Apache Tomcat JSP files path disclosure
11545| [42914] Apache Tomcat MS-DOS path disclosure
11546| [42892] Apache Tomcat unspecified unauthorized access
11547| [42816] Apache Tomcat Host Manager cross-site scripting
11548| [42303] Apache 403 error cross-site scripting
11549| [41618] Apache-SSL ExpandCert() authentication bypass
11550| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
11551| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
11552| [40614] Apache mod_jk2 HTTP Host header buffer overflow
11553| [40562] Apache Geronimo init information disclosure
11554| [40478] Novell Web Manager webadmin-apache.conf security bypass
11555| [40411] Apache Tomcat exception handling information disclosure
11556| [40409] Apache Tomcat native (APR based) connector weak security
11557| [40403] Apache Tomcat quotes and %5C cookie information disclosure
11558| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
11559| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
11560| [39867] Apache HTTP Server mod_negotiation cross-site scripting
11561| [39804] Apache Tomcat SingleSignOn information disclosure
11562| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
11563| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
11564| [39608] Apache HTTP Server balancer manager cross-site request forgery
11565| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
11566| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
11567| [39472] Apache HTTP Server mod_status cross-site scripting
11568| [39201] Apache Tomcat JULI logging weak security
11569| [39158] Apache HTTP Server Windows SMB shares information disclosure
11570| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
11571| [38951] Apache::AuthCAS Perl module cookie SQL injection
11572| [38800] Apache HTTP Server 413 error page cross-site scripting
11573| [38211] Apache Geronimo SQLLoginModule authentication bypass
11574| [37243] Apache Tomcat WebDAV directory traversal
11575| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
11576| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
11577| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
11578| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
11579| [36782] Apache Geronimo MEJB unauthorized access
11580| [36586] Apache HTTP Server UTF-7 cross-site scripting
11581| [36468] Apache Geronimo LoginModule security bypass
11582| [36467] Apache Tomcat functions.jsp cross-site scripting
11583| [36402] Apache Tomcat calendar cross-site request forgery
11584| [36354] Apache HTTP Server mod_proxy module denial of service
11585| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
11586| [36336] Apache Derby lock table privilege escalation
11587| [36335] Apache Derby schema privilege escalation
11588| [36006] Apache Tomcat "
11589| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
11590| [35999] Apache Tomcat \"
11591| [35795] Apache Tomcat CookieExample cross-site scripting
11592| [35536] Apache Tomcat SendMailServlet example cross-site scripting
11593| [35384] Apache HTTP Server mod_cache module denial of service
11594| [35097] Apache HTTP Server mod_status module cross-site scripting
11595| [35095] Apache HTTP Server Prefork MPM module denial of service
11596| [34984] Apache HTTP Server recall_headers information disclosure
11597| [34966] Apache HTTP Server MPM content spoofing
11598| [34965] Apache HTTP Server MPM information disclosure
11599| [34963] Apache HTTP Server MPM multiple denial of service
11600| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
11601| [34869] Apache Tomcat JSP example Web application cross-site scripting
11602| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
11603| [34496] Apache Tomcat JK Connector security bypass
11604| [34377] Apache Tomcat hello.jsp cross-site scripting
11605| [34212] Apache Tomcat SSL configuration security bypass
11606| [34210] Apache Tomcat Accept-Language cross-site scripting
11607| [34209] Apache Tomcat calendar application cross-site scripting
11608| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
11609| [34167] Apache Axis WSDL file path disclosure
11610| [34068] Apache Tomcat AJP connector information disclosure
11611| [33584] Apache HTTP Server suEXEC privilege escalation
11612| [32988] Apache Tomcat proxy module directory traversal
11613| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
11614| [32708] Debian Apache tty privilege escalation
11615| [32441] ApacheStats extract() PHP call unspecified
11616| [32128] Apache Tomcat default account
11617| [31680] Apache Tomcat RequestParamExample cross-site scripting
11618| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
11619| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
11620| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
11621| [30456] Apache mod_auth_kerb off-by-one buffer overflow
11622| [29550] Apache mod_tcl set_var() format string
11623| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
11624| [28357] Apache HTTP Server mod_alias script source information disclosure
11625| [28063] Apache mod_rewrite off-by-one buffer overflow
11626| [27902] Apache Tomcat URL information disclosure
11627| [26786] Apache James SMTP server denial of service
11628| [25680] libapache2 /tmp/svn file upload
11629| [25614] Apache Struts lookupMap cross-site scripting
11630| [25613] Apache Struts ActionForm denial of service
11631| [25612] Apache Struts isCancelled() security bypass
11632| [24965] Apache mod_python FileSession command execution
11633| [24716] Apache James spooler memory leak denial of service
11634| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
11635| [24158] Apache Geronimo jsp-examples cross-site scripting
11636| [24030] Apache auth_ldap module multiple format strings
11637| [24008] Apache mod_ssl custom error message denial of service
11638| [24003] Apache mod_auth_pgsql module multiple syslog format strings
11639| [23612] Apache mod_imap referer field cross-site scripting
11640| [23173] Apache Struts error message cross-site scripting
11641| [22942] Apache Tomcat directory listing denial of service
11642| [22858] Apache Multi-Processing Module code allows denial of service
11643| [22602] RHSA-2005:582 updates for Apache httpd not installed
11644| [22520] Apache mod-auth-shadow "
11645| [22466] ApacheTop symlink
11646| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
11647| [22006] Apache HTTP Server byte-range filter denial of service
11648| [21567] Apache mod_ssl off-by-one buffer overflow
11649| [21195] Apache HTTP Server header HTTP request smuggling
11650| [20383] Apache HTTP Server htdigest buffer overflow
11651| [19681] Apache Tomcat AJP12 request denial of service
11652| [18993] Apache HTTP server check_forensic symlink attack
11653| [18790] Apache Tomcat Manager cross-site scripting
11654| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
11655| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
11656| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
11657| [17961] Apache Web server ServerTokens has not been set
11658| [17930] Apache HTTP Server HTTP GET request denial of service
11659| [17785] Apache mod_include module buffer overflow
11660| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
11661| [17473] Apache HTTP Server Satisfy directive allows access to resources
11662| [17413] Apache htpasswd buffer overflow
11663| [17384] Apache HTTP Server environment variable configuration file buffer overflow
11664| [17382] Apache HTTP Server IPv6 apr_util denial of service
11665| [17366] Apache HTTP Server mod_dav module LOCK denial of service
11666| [17273] Apache HTTP Server speculative mode denial of service
11667| [17200] Apache HTTP Server mod_ssl denial of service
11668| [16890] Apache HTTP Server server-info request has been detected
11669| [16889] Apache HTTP Server server-status request has been detected
11670| [16705] Apache mod_ssl format string attack
11671| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
11672| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
11673| [16230] Apache HTTP Server PHP denial of service
11674| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
11675| [15958] Apache HTTP Server authentication modules memory corruption
11676| [15547] Apache HTTP Server mod_disk_cache local information disclosure
11677| [15540] Apache HTTP Server socket starvation denial of service
11678| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
11679| [15422] Apache HTTP Server mod_access information disclosure
11680| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
11681| [15293] Apache for Cygwin "
11682| [15065] Apache-SSL has a default password
11683| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
11684| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
11685| [14751] Apache Mod_python output filter information disclosure
11686| [14125] Apache HTTP Server mod_userdir module information disclosure
11687| [14075] Apache HTTP Server mod_php file descriptor leak
11688| [13703] Apache HTTP Server account
11689| [13689] Apache HTTP Server configuration allows symlinks
11690| [13688] Apache HTTP Server configuration allows SSI
11691| [13687] Apache HTTP Server Server: header value
11692| [13685] Apache HTTP Server ServerTokens value
11693| [13684] Apache HTTP Server ServerSignature value
11694| [13672] Apache HTTP Server config allows directory autoindexing
11695| [13671] Apache HTTP Server default content
11696| [13670] Apache HTTP Server config file directive references outside content root
11697| [13668] Apache HTTP Server httpd not running in chroot environment
11698| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
11699| [13664] Apache HTTP Server config file contains ScriptAlias entry
11700| [13663] Apache HTTP Server CGI support modules loaded
11701| [13661] Apache HTTP Server config file contains AddHandler entry
11702| [13660] Apache HTTP Server 500 error page not CGI script
11703| [13659] Apache HTTP Server 413 error page not CGI script
11704| [13658] Apache HTTP Server 403 error page not CGI script
11705| [13657] Apache HTTP Server 401 error page not CGI script
11706| [13552] Apache HTTP Server mod_cgid module information disclosure
11707| [13550] Apache GET request directory traversal
11708| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
11709| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
11710| [13429] Apache Tomcat non-HTTP request denial of service
11711| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
11712| [13295] Apache weak password encryption
11713| [13254] Apache Tomcat .jsp cross-site scripting
11714| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
11715| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
11716| [12681] Apache HTTP Server mod_proxy could allow mail relaying
11717| [12662] Apache HTTP Server rotatelogs denial of service
11718| [12554] Apache Tomcat stores password in plain text
11719| [12553] Apache HTTP Server redirects and subrequests denial of service
11720| [12552] Apache HTTP Server FTP proxy server denial of service
11721| [12551] Apache HTTP Server prefork MPM denial of service
11722| [12550] Apache HTTP Server weaker than expected encryption
11723| [12549] Apache HTTP Server type-map file denial of service
11724| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
11725| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
11726| [12091] Apache HTTP Server apr_password_validate denial of service
11727| [12090] Apache HTTP Server apr_psprintf code execution
11728| [11804] Apache HTTP Server mod_access_referer denial of service
11729| [11750] Apache HTTP Server could leak sensitive file descriptors
11730| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
11731| [11703] Apache long slash path allows directory listing
11732| [11695] Apache HTTP Server LF (Line Feed) denial of service
11733| [11694] Apache HTTP Server filestat.c denial of service
11734| [11438] Apache HTTP Server MIME message boundaries information disclosure
11735| [11412] Apache HTTP Server error log terminal escape sequence injection
11736| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
11737| [11195] Apache Tomcat web.xml could be used to read files
11738| [11194] Apache Tomcat URL appended with a null character could list directories
11739| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
11740| [11126] Apache HTTP Server illegal character file disclosure
11741| [11125] Apache HTTP Server DOS device name HTTP POST code execution
11742| [11124] Apache HTTP Server DOS device name denial of service
11743| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
11744| [10938] Apache HTTP Server printenv test CGI cross-site scripting
11745| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
11746| [10575] Apache mod_php module could allow an attacker to take over the httpd process
11747| [10499] Apache HTTP Server WebDAV HTTP POST view source
11748| [10457] Apache HTTP Server mod_ssl "
11749| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
11750| [10414] Apache HTTP Server htdigest multiple buffer overflows
11751| [10413] Apache HTTP Server htdigest temporary file race condition
11752| [10412] Apache HTTP Server htpasswd temporary file race condition
11753| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
11754| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
11755| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
11756| [10280] Apache HTTP Server shared memory scorecard overwrite
11757| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
11758| [10241] Apache HTTP Server Host: header cross-site scripting
11759| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
11760| [10208] Apache HTTP Server mod_dav denial of service
11761| [10206] HP VVOS Apache mod_ssl denial of service
11762| [10200] Apache HTTP Server stderr denial of service
11763| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
11764| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
11765| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
11766| [10098] Slapper worm targets OpenSSL/Apache systems
11767| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
11768| [9875] Apache HTTP Server .var file request could disclose installation path
11769| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
11770| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
11771| [9623] Apache HTTP Server ap_log_rerror() path disclosure
11772| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
11773| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
11774| [9396] Apache Tomcat null character to threads denial of service
11775| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
11776| [9249] Apache HTTP Server chunked encoding heap buffer overflow
11777| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
11778| [8932] Apache Tomcat example class information disclosure
11779| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
11780| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
11781| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
11782| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
11783| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
11784| [8400] Apache HTTP Server mod_frontpage buffer overflows
11785| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
11786| [8308] Apache "
11787| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
11788| [8119] Apache and PHP OPTIONS request reveals "
11789| [8054] Apache is running on the system
11790| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
11791| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
11792| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
11793| [7836] Apache HTTP Server log directory denial of service
11794| [7815] Apache for Windows "
11795| [7810] Apache HTTP request could result in unexpected behavior
11796| [7599] Apache Tomcat reveals installation path
11797| [7494] Apache "
11798| [7419] Apache Web Server could allow remote attackers to overwrite .log files
11799| [7363] Apache Web Server hidden HTTP requests
11800| [7249] Apache mod_proxy denial of service
11801| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
11802| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
11803| [7059] Apache "
11804| [7057] Apache "
11805| [7056] Apache "
11806| [7055] Apache "
11807| [7054] Apache "
11808| [6997] Apache Jakarta Tomcat error message may reveal information
11809| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
11810| [6970] Apache crafted HTTP request could reveal the internal IP address
11811| [6921] Apache long slash path allows directory listing
11812| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
11813| [6527] Apache Web Server for Windows and OS2 denial of service
11814| [6316] Apache Jakarta Tomcat may reveal JSP source code
11815| [6305] Apache Jakarta Tomcat directory traversal
11816| [5926] Linux Apache symbolic link
11817| [5659] Apache Web server discloses files when used with php script
11818| [5310] Apache mod_rewrite allows attacker to view arbitrary files
11819| [5204] Apache WebDAV directory listings
11820| [5197] Apache Web server reveals CGI script source code
11821| [5160] Apache Jakarta Tomcat default installation
11822| [5099] Trustix Secure Linux installs Apache with world writable access
11823| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
11824| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
11825| [4931] Apache source.asp example file allows users to write to files
11826| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
11827| [4205] Apache Jakarta Tomcat delivers file contents
11828| [2084] Apache on Debian by default serves the /usr/doc directory
11829| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
11830| [697] Apache HTTP server beck exploit
11831| [331] Apache cookies buffer overflow
11832|
11833| Exploit-DB - https://www.exploit-db.com:
11834| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
11835| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11836| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11837| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
11838| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
11839| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
11840| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
11841| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
11842| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
11843| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11844| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
11845| [29859] Apache Roller OGNL Injection
11846| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
11847| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
11848| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
11849| [29290] Apache / PHP 5.x Remote Code Execution Exploit
11850| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
11851| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
11852| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
11853| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
11854| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
11855| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
11856| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
11857| [27096] Apache Geronimo 1.0 Error Page XSS
11858| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
11859| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
11860| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
11861| [25986] Plesk Apache Zeroday Remote Exploit
11862| [25980] Apache Struts includeParams Remote Code Execution
11863| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
11864| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
11865| [24874] Apache Struts ParametersInterceptor Remote Code Execution
11866| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
11867| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
11868| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
11869| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
11870| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
11871| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
11872| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
11873| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
11874| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
11875| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
11876| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
11877| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
11878| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
11879| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
11880| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
11881| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
11882| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11883| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
11884| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
11885| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11886| [21719] Apache 2.0 Path Disclosure Vulnerability
11887| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11888| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
11889| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
11890| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
11891| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
11892| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
11893| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
11894| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
11895| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
11896| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
11897| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
11898| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
11899| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
11900| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
11901| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
11902| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
11903| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
11904| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
11905| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
11906| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
11907| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
11908| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
11909| [20558] Apache 1.2 Web Server DoS Vulnerability
11910| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
11911| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
11912| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
11913| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
11914| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
11915| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
11916| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
11917| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
11918| [19231] PHP apache_request_headers Function Buffer Overflow
11919| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
11920| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
11921| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
11922| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
11923| [18442] Apache httpOnly Cookie Disclosure
11924| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
11925| [18221] Apache HTTP Server Denial of Service
11926| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
11927| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
11928| [17691] Apache Struts < 2.2.0 - Remote Command Execution
11929| [16798] Apache mod_jk 1.2.20 Buffer Overflow
11930| [16782] Apache Win32 Chunked Encoding
11931| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
11932| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
11933| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
11934| [15319] Apache 2.2 (Windows) Local Denial of Service
11935| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
11936| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11937| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
11938| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
11939| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
11940| [12330] Apache OFBiz - Multiple XSS
11941| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
11942| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
11943| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
11944| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
11945| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
11946| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
11947| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
11948| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11949| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11950| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
11951| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
11952| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
11953| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
11954| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
11955| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
11956| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
11957| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
11958| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
11959| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
11960| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
11961| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
11962| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
11963| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
11964| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
11965| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
11966| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
11967| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
11968| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
11969| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
11970| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
11971| [466] htpasswd Apache 1.3.31 - Local Exploit
11972| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
11973| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
11974| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
11975| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
11976| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
11977| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
11978| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
11979| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
11980| [9] Apache HTTP Server 2.x Memory Leak Exploit
11981|
11982| OpenVAS (Nessus) - http://www.openvas.org:
11983| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
11984| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
11985| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11986| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
11987| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
11988| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11989| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11990| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
11991| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
11992| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
11993| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
11994| [900571] Apache APR-Utils Version Detection
11995| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
11996| [900496] Apache Tiles Multiple XSS Vulnerability
11997| [900493] Apache Tiles Version Detection
11998| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
11999| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
12000| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
12001| [870175] RedHat Update for apache RHSA-2008:0004-01
12002| [864591] Fedora Update for apache-poi FEDORA-2012-10835
12003| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
12004| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
12005| [864250] Fedora Update for apache-poi FEDORA-2012-7683
12006| [864249] Fedora Update for apache-poi FEDORA-2012-7686
12007| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
12008| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
12009| [855821] Solaris Update for Apache 1.3 122912-19
12010| [855812] Solaris Update for Apache 1.3 122911-19
12011| [855737] Solaris Update for Apache 1.3 122911-17
12012| [855731] Solaris Update for Apache 1.3 122912-17
12013| [855695] Solaris Update for Apache 1.3 122911-16
12014| [855645] Solaris Update for Apache 1.3 122912-16
12015| [855587] Solaris Update for kernel update and Apache 108529-29
12016| [855566] Solaris Update for Apache 116973-07
12017| [855531] Solaris Update for Apache 116974-07
12018| [855524] Solaris Update for Apache 2 120544-14
12019| [855494] Solaris Update for Apache 1.3 122911-15
12020| [855478] Solaris Update for Apache Security 114145-11
12021| [855472] Solaris Update for Apache Security 113146-12
12022| [855179] Solaris Update for Apache 1.3 122912-15
12023| [855147] Solaris Update for kernel update and Apache 108528-29
12024| [855077] Solaris Update for Apache 2 120543-14
12025| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
12026| [850088] SuSE Update for apache2 SUSE-SA:2007:061
12027| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
12028| [841209] Ubuntu Update for apache2 USN-1627-1
12029| [840900] Ubuntu Update for apache2 USN-1368-1
12030| [840798] Ubuntu Update for apache2 USN-1259-1
12031| [840734] Ubuntu Update for apache2 USN-1199-1
12032| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
12033| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
12034| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
12035| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
12036| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
12037| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
12038| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
12039| [835253] HP-UX Update for Apache Web Server HPSBUX02645
12040| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
12041| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
12042| [835236] HP-UX Update for Apache with PHP HPSBUX02543
12043| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
12044| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
12045| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
12046| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
12047| [835188] HP-UX Update for Apache HPSBUX02308
12048| [835181] HP-UX Update for Apache With PHP HPSBUX02332
12049| [835180] HP-UX Update for Apache with PHP HPSBUX02342
12050| [835172] HP-UX Update for Apache HPSBUX02365
12051| [835168] HP-UX Update for Apache HPSBUX02313
12052| [835148] HP-UX Update for Apache HPSBUX01064
12053| [835139] HP-UX Update for Apache with PHP HPSBUX01090
12054| [835131] HP-UX Update for Apache HPSBUX00256
12055| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
12056| [835104] HP-UX Update for Apache HPSBUX00224
12057| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
12058| [835101] HP-UX Update for Apache HPSBUX01232
12059| [835080] HP-UX Update for Apache HPSBUX02273
12060| [835078] HP-UX Update for ApacheStrong HPSBUX00255
12061| [835044] HP-UX Update for Apache HPSBUX01019
12062| [835040] HP-UX Update for Apache PHP HPSBUX00207
12063| [835025] HP-UX Update for Apache HPSBUX00197
12064| [835023] HP-UX Update for Apache HPSBUX01022
12065| [835022] HP-UX Update for Apache HPSBUX02292
12066| [835005] HP-UX Update for Apache HPSBUX02262
12067| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
12068| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
12069| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
12070| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
12071| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
12072| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
12073| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
12074| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
12075| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
12076| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
12077| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
12078| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
12079| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
12080| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
12081| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
12082| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
12083| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
12084| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
12085| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
12086| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
12087| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
12088| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
12089| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
12090| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
12091| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
12092| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
12093| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
12094| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
12095| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
12096| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
12097| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
12098| [801942] Apache Archiva Multiple Vulnerabilities
12099| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
12100| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
12101| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
12102| [801284] Apache Derby Information Disclosure Vulnerability
12103| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
12104| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
12105| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
12106| [800680] Apache APR Version Detection
12107| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
12108| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
12109| [800677] Apache Roller Version Detection
12110| [800279] Apache mod_jk Module Version Detection
12111| [800278] Apache Struts Cross Site Scripting Vulnerability
12112| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
12113| [800276] Apache Struts Version Detection
12114| [800271] Apache Struts Directory Traversal Vulnerability
12115| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
12116| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
12117| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
12118| [103122] Apache Web Server ETag Header Information Disclosure Weakness
12119| [103074] Apache Continuum Cross Site Scripting Vulnerability
12120| [103073] Apache Continuum Detection
12121| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
12122| [101023] Apache Open For Business Weak Password security check
12123| [101020] Apache Open For Business HTML injection vulnerability
12124| [101019] Apache Open For Business service detection
12125| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
12126| [100923] Apache Archiva Detection
12127| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
12128| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
12129| [100813] Apache Axis2 Detection
12130| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
12131| [100795] Apache Derby Detection
12132| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
12133| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
12134| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
12135| [100514] Apache Multiple Security Vulnerabilities
12136| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
12137| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
12138| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
12139| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12140| [72626] Debian Security Advisory DSA 2579-1 (apache2)
12141| [72612] FreeBSD Ports: apache22
12142| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
12143| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
12144| [71512] FreeBSD Ports: apache
12145| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
12146| [71256] Debian Security Advisory DSA 2452-1 (apache2)
12147| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
12148| [70737] FreeBSD Ports: apache
12149| [70724] Debian Security Advisory DSA 2405-1 (apache2)
12150| [70600] FreeBSD Ports: apache
12151| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
12152| [70235] Debian Security Advisory DSA 2298-2 (apache2)
12153| [70233] Debian Security Advisory DSA 2298-1 (apache2)
12154| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
12155| [69338] Debian Security Advisory DSA 2202-1 (apache2)
12156| [67868] FreeBSD Ports: apache
12157| [66816] FreeBSD Ports: apache
12158| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
12159| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
12160| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
12161| [66081] SLES11: Security update for Apache 2
12162| [66074] SLES10: Security update for Apache 2
12163| [66070] SLES9: Security update for Apache 2
12164| [65998] SLES10: Security update for apache2-mod_python
12165| [65893] SLES10: Security update for Apache 2
12166| [65888] SLES10: Security update for Apache 2
12167| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
12168| [65510] SLES9: Security update for Apache 2
12169| [65472] SLES9: Security update for Apache
12170| [65467] SLES9: Security update for Apache
12171| [65450] SLES9: Security update for apache2
12172| [65390] SLES9: Security update for Apache2
12173| [65363] SLES9: Security update for Apache2
12174| [65309] SLES9: Security update for Apache and mod_ssl
12175| [65296] SLES9: Security update for webdav apache module
12176| [65283] SLES9: Security update for Apache2
12177| [65249] SLES9: Security update for Apache 2
12178| [65230] SLES9: Security update for Apache 2
12179| [65228] SLES9: Security update for Apache 2
12180| [65212] SLES9: Security update for apache2-mod_python
12181| [65209] SLES9: Security update for apache2-worker
12182| [65207] SLES9: Security update for Apache 2
12183| [65168] SLES9: Security update for apache2-mod_python
12184| [65142] SLES9: Security update for Apache2
12185| [65136] SLES9: Security update for Apache 2
12186| [65132] SLES9: Security update for apache
12187| [65131] SLES9: Security update for Apache 2 oes/CORE
12188| [65113] SLES9: Security update for apache2
12189| [65072] SLES9: Security update for apache and mod_ssl
12190| [65017] SLES9: Security update for Apache 2
12191| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
12192| [64783] FreeBSD Ports: apache
12193| [64774] Ubuntu USN-802-2 (apache2)
12194| [64653] Ubuntu USN-813-2 (apache2)
12195| [64559] Debian Security Advisory DSA 1834-2 (apache2)
12196| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
12197| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
12198| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
12199| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
12200| [64443] Ubuntu USN-802-1 (apache2)
12201| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
12202| [64423] Debian Security Advisory DSA 1834-1 (apache2)
12203| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
12204| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
12205| [64251] Debian Security Advisory DSA 1816-1 (apache2)
12206| [64201] Ubuntu USN-787-1 (apache2)
12207| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
12208| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
12209| [63565] FreeBSD Ports: apache
12210| [63562] Ubuntu USN-731-1 (apache2)
12211| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
12212| [61185] FreeBSD Ports: apache
12213| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
12214| [60387] Slackware Advisory SSA:2008-045-02 apache
12215| [58826] FreeBSD Ports: apache-tomcat
12216| [58825] FreeBSD Ports: apache-tomcat
12217| [58804] FreeBSD Ports: apache
12218| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
12219| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
12220| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
12221| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
12222| [57335] Debian Security Advisory DSA 1167-1 (apache)
12223| [57201] Debian Security Advisory DSA 1131-1 (apache)
12224| [57200] Debian Security Advisory DSA 1132-1 (apache2)
12225| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
12226| [57145] FreeBSD Ports: apache
12227| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
12228| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
12229| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
12230| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
12231| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
12232| [56067] FreeBSD Ports: apache
12233| [55803] Slackware Advisory SSA:2005-310-04 apache
12234| [55519] Debian Security Advisory DSA 839-1 (apachetop)
12235| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
12236| [55355] FreeBSD Ports: apache
12237| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
12238| [55261] Debian Security Advisory DSA 805-1 (apache2)
12239| [55259] Debian Security Advisory DSA 803-1 (apache)
12240| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
12241| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
12242| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
12243| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
12244| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
12245| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
12246| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
12247| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
12248| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
12249| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
12250| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
12251| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
12252| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
12253| [54439] FreeBSD Ports: apache
12254| [53931] Slackware Advisory SSA:2004-133-01 apache
12255| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
12256| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
12257| [53878] Slackware Advisory SSA:2003-308-01 apache security update
12258| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
12259| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
12260| [53848] Debian Security Advisory DSA 131-1 (apache)
12261| [53784] Debian Security Advisory DSA 021-1 (apache)
12262| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
12263| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
12264| [53735] Debian Security Advisory DSA 187-1 (apache)
12265| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
12266| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
12267| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
12268| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
12269| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
12270| [53282] Debian Security Advisory DSA 594-1 (apache)
12271| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
12272| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
12273| [53215] Debian Security Advisory DSA 525-1 (apache)
12274| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
12275| [52529] FreeBSD Ports: apache+ssl
12276| [52501] FreeBSD Ports: apache
12277| [52461] FreeBSD Ports: apache
12278| [52390] FreeBSD Ports: apache
12279| [52389] FreeBSD Ports: apache
12280| [52388] FreeBSD Ports: apache
12281| [52383] FreeBSD Ports: apache
12282| [52339] FreeBSD Ports: apache+mod_ssl
12283| [52331] FreeBSD Ports: apache
12284| [52329] FreeBSD Ports: ru-apache+mod_ssl
12285| [52314] FreeBSD Ports: apache
12286| [52310] FreeBSD Ports: apache
12287| [15588] Detect Apache HTTPS
12288| [15555] Apache mod_proxy content-length buffer overflow
12289| [15554] Apache mod_include priviledge escalation
12290| [14771] Apache <= 1.3.33 htpasswd local overflow
12291| [14177] Apache mod_access rule bypass
12292| [13644] Apache mod_rootme Backdoor
12293| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
12294| [12280] Apache Connection Blocking Denial of Service
12295| [12239] Apache Error Log Escape Sequence Injection
12296| [12123] Apache Tomcat source.jsp malformed request information disclosure
12297| [12085] Apache Tomcat servlet/JSP container default files
12298| [11438] Apache Tomcat Directory Listing and File disclosure
12299| [11204] Apache Tomcat Default Accounts
12300| [11092] Apache 2.0.39 Win32 directory traversal
12301| [11046] Apache Tomcat TroubleShooter Servlet Installed
12302| [11042] Apache Tomcat DOS Device Name XSS
12303| [11041] Apache Tomcat /servlet Cross Site Scripting
12304| [10938] Apache Remote Command Execution via .bat files
12305| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
12306| [10773] MacOS X Finder reveals contents of Apache Web files
12307| [10766] Apache UserDir Sensitive Information Disclosure
12308| [10756] MacOS X Finder reveals contents of Apache Web directories
12309| [10752] Apache Auth Module SQL Insertion Attack
12310| [10704] Apache Directory Listing
12311| [10678] Apache /server-info accessible
12312| [10677] Apache /server-status accessible
12313| [10440] Check for Apache Multiple / vulnerability
12314|
12315| SecurityTracker - https://www.securitytracker.com:
12316| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
12317| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
12318| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
12319| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
12320| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12321| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12322| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12323| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
12324| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
12325| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
12326| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12327| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
12328| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
12329| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
12330| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
12331| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
12332| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
12333| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
12334| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
12335| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
12336| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
12337| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
12338| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
12339| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12340| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
12341| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12342| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12343| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
12344| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
12345| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
12346| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
12347| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
12348| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
12349| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
12350| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
12351| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
12352| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
12353| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
12354| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
12355| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
12356| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
12357| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
12358| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
12359| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
12360| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
12361| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
12362| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12363| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
12364| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
12365| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
12366| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
12367| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
12368| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
12369| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
12370| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
12371| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
12372| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
12373| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
12374| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
12375| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
12376| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
12377| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
12378| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
12379| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
12380| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
12381| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
12382| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
12383| [1024096] Apache mod_proxy_http May Return Results for a Different Request
12384| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
12385| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
12386| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
12387| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
12388| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
12389| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
12390| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
12391| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
12392| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
12393| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
12394| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
12395| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
12396| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
12397| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12398| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
12399| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
12400| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
12401| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
12402| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
12403| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
12404| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
12405| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
12406| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
12407| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
12408| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
12409| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
12410| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
12411| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
12412| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
12413| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
12414| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
12415| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
12416| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
12417| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
12418| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
12419| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
12420| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
12421| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
12422| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
12423| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
12424| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
12425| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
12426| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
12427| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
12428| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
12429| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
12430| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
12431| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
12432| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
12433| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
12434| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
12435| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
12436| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
12437| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
12438| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
12439| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
12440| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
12441| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
12442| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
12443| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
12444| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
12445| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
12446| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
12447| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
12448| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
12449| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
12450| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
12451| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
12452| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
12453| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
12454| [1008920] Apache mod_digest May Validate Replayed Client Responses
12455| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
12456| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
12457| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
12458| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
12459| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
12460| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
12461| [1008030] Apache mod_rewrite Contains a Buffer Overflow
12462| [1008029] Apache mod_alias Contains a Buffer Overflow
12463| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
12464| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
12465| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
12466| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
12467| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
12468| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
12469| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
12470| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
12471| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
12472| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
12473| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
12474| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
12475| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
12476| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
12477| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
12478| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
12479| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
12480| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
12481| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
12482| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
12483| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
12484| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
12485| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
12486| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
12487| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
12488| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
12489| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
12490| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
12491| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
12492| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
12493| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
12494| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
12495| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
12496| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
12497| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
12498| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
12499| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
12500| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
12501| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12502| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
12503| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
12504| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
12505| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
12506| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
12507| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
12508| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
12509| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
12510| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
12511| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
12512| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
12513| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
12514| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
12515| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
12516| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
12517| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
12518| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
12519|
12520| OSVDB - http://www.osvdb.org:
12521| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
12522| [96077] Apache CloudStack Global Settings Multiple Field XSS
12523| [96076] Apache CloudStack Instances Menu Display Name Field XSS
12524| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
12525| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
12526| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
12527| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
12528| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
12529| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
12530| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
12531| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
12532| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
12533| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12534| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
12535| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
12536| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
12537| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
12538| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
12539| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
12540| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
12541| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
12542| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
12543| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
12544| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
12545| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
12546| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
12547| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
12548| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
12549| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
12550| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
12551| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
12552| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
12553| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
12554| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
12555| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
12556| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
12557| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
12558| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
12559| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
12560| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
12561| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
12562| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
12563| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
12564| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
12565| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
12566| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
12567| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
12568| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
12569| [94279] Apache Qpid CA Certificate Validation Bypass
12570| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
12571| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
12572| [94042] Apache Axis JAX-WS Java Unspecified Exposure
12573| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
12574| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
12575| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
12576| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
12577| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
12578| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
12579| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
12580| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
12581| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
12582| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
12583| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
12584| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
12585| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
12586| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
12587| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
12588| [93541] Apache Solr json.wrf Callback XSS
12589| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
12590| [93521] Apache jUDDI Security API Token Session Persistence Weakness
12591| [93520] Apache CloudStack Default SSL Key Weakness
12592| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
12593| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
12594| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
12595| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
12596| [93515] Apache HBase table.jsp name Parameter XSS
12597| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
12598| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
12599| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
12600| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
12601| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
12602| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
12603| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
12604| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
12605| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
12606| [93252] Apache Tomcat FORM Authenticator Session Fixation
12607| [93172] Apache Camel camel/endpoints/ Endpoint XSS
12608| [93171] Apache Sling HtmlResponse Error Message XSS
12609| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
12610| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
12611| [93168] Apache Click ErrorReport.java id Parameter XSS
12612| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
12613| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
12614| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
12615| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
12616| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
12617| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
12618| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
12619| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
12620| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
12621| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
12622| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
12623| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
12624| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
12625| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
12626| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
12627| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
12628| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
12629| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
12630| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
12631| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
12632| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
12633| [93144] Apache Solr Admin Command Execution CSRF
12634| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
12635| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
12636| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
12637| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
12638| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
12639| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
12640| [92748] Apache CloudStack VM Console Access Restriction Bypass
12641| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
12642| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
12643| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
12644| [92706] Apache ActiveMQ Debug Log Rendering XSS
12645| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
12646| [92270] Apache Tomcat Unspecified CSRF
12647| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
12648| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
12649| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
12650| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
12651| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
12652| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
12653| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
12654| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
12655| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
12656| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
12657| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
12658| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
12659| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
12660| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
12661| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
12662| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
12663| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
12664| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
12665| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
12666| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
12667| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
12668| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
12669| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
12670| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
12671| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
12672| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
12673| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
12674| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
12675| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
12676| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
12677| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
12678| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
12679| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
12680| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
12681| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
12682| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
12683| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
12684| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
12685| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
12686| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
12687| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
12688| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
12689| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
12690| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
12691| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
12692| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
12693| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
12694| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
12695| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
12696| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
12697| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
12698| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
12699| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
12700| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
12701| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
12702| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
12703| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
12704| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
12705| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
12706| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
12707| [86901] Apache Tomcat Error Message Path Disclosure
12708| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
12709| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
12710| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
12711| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
12712| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
12713| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
12714| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
12715| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
12716| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
12717| [85430] Apache mod_pagespeed Module Unspecified XSS
12718| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
12719| [85249] Apache Wicket Unspecified XSS
12720| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
12721| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
12722| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
12723| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
12724| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
12725| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
12726| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
12727| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
12728| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
12729| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
12730| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
12731| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
12732| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
12733| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
12734| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
12735| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
12736| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
12737| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
12738| [83339] Apache Roller Blogger Roll Unspecified XSS
12739| [83270] Apache Roller Unspecified Admin Action CSRF
12740| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
12741| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
12742| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
12743| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
12744| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
12745| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
12746| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
12747| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
12748| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
12749| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
12750| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
12751| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
12752| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
12753| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
12754| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
12755| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
12756| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
12757| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
12758| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
12759| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
12760| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
12761| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
12762| [80300] Apache Wicket wicket:pageMapName Parameter XSS
12763| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
12764| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
12765| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
12766| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
12767| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
12768| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
12769| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
12770| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
12771| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
12772| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
12773| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
12774| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
12775| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
12776| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
12777| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
12778| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
12779| [78331] Apache Tomcat Request Object Recycling Information Disclosure
12780| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
12781| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
12782| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
12783| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
12784| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
12785| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
12786| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
12787| [77593] Apache Struts Conversion Error OGNL Expression Injection
12788| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
12789| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
12790| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
12791| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
12792| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
12793| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
12794| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
12795| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
12796| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
12797| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
12798| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
12799| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
12800| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
12801| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
12802| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
12803| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
12804| [74725] Apache Wicket Multi Window Support Unspecified XSS
12805| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
12806| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
12807| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
12808| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
12809| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
12810| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
12811| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
12812| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
12813| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
12814| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
12815| [73644] Apache XML Security Signature Key Parsing Overflow DoS
12816| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
12817| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
12818| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
12819| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
12820| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
12821| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
12822| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
12823| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
12824| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
12825| [73154] Apache Archiva Multiple Unspecified CSRF
12826| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
12827| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
12828| [72238] Apache Struts Action / Method Names <
12829| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
12830| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
12831| [71557] Apache Tomcat HTML Manager Multiple XSS
12832| [71075] Apache Archiva User Management Page XSS
12833| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
12834| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
12835| [70924] Apache Continuum Multiple Admin Function CSRF
12836| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
12837| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
12838| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
12839| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
12840| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
12841| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
12842| [69520] Apache Archiva Administrator Credential Manipulation CSRF
12843| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
12844| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
12845| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
12846| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
12847| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
12848| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
12849| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
12850| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
12851| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
12852| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
12853| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
12854| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
12855| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
12856| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
12857| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
12858| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
12859| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
12860| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
12861| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
12862| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
12863| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
12864| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
12865| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
12866| [65054] Apache ActiveMQ Jetty Error Handler XSS
12867| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
12868| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
12869| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
12870| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
12871| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
12872| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
12873| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
12874| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
12875| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
12876| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
12877| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
12878| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
12879| [63895] Apache HTTP Server mod_headers Unspecified Issue
12880| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
12881| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
12882| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
12883| [63140] Apache Thrift Service Malformed Data Remote DoS
12884| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
12885| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
12886| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
12887| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
12888| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
12889| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
12890| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
12891| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
12892| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
12893| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
12894| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
12895| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
12896| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
12897| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
12898| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
12899| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
12900| [60678] Apache Roller Comment Email Notification Manipulation DoS
12901| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
12902| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
12903| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
12904| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
12905| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
12906| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
12907| [60232] PHP on Apache php.exe Direct Request Remote DoS
12908| [60176] Apache Tomcat Windows Installer Admin Default Password
12909| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
12910| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
12911| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
12912| [59944] Apache Hadoop jobhistory.jsp XSS
12913| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
12914| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
12915| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
12916| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
12917| [59019] Apache mod_python Cookie Salting Weakness
12918| [59018] Apache Harmony Error Message Handling Overflow
12919| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
12920| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
12921| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
12922| [59010] Apache Solr get-file.jsp XSS
12923| [59009] Apache Solr action.jsp XSS
12924| [59008] Apache Solr analysis.jsp XSS
12925| [59007] Apache Solr schema.jsp Multiple Parameter XSS
12926| [59006] Apache Beehive select / checkbox Tag XSS
12927| [59005] Apache Beehive jpfScopeID Global Parameter XSS
12928| [59004] Apache Beehive Error Message XSS
12929| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
12930| [59002] Apache Jetspeed default-page.psml URI XSS
12931| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
12932| [59000] Apache CXF Unsigned Message Policy Bypass
12933| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
12934| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
12935| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
12936| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
12937| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
12938| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
12939| [58993] Apache Hadoop browseBlock.jsp XSS
12940| [58991] Apache Hadoop browseDirectory.jsp XSS
12941| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
12942| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
12943| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
12944| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
12945| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
12946| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
12947| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
12948| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
12949| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
12950| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
12951| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
12952| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
12953| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
12954| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
12955| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
12956| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
12957| [58974] Apache Sling /apps Script User Session Management Access Weakness
12958| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
12959| [58931] Apache Geronimo Cookie Parameters Validation Weakness
12960| [58930] Apache Xalan-C++ XPath Handling Remote DoS
12961| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
12962| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
12963| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
12964| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
12965| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
12966| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
12967| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
12968| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
12969| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
12970| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
12971| [58805] Apache Derby Unauthenticated Database / Admin Access
12972| [58804] Apache Wicket Header Contribution Unspecified Issue
12973| [58803] Apache Wicket Session Fixation
12974| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
12975| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
12976| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
12977| [58799] Apache Tapestry Logging Cleartext Password Disclosure
12978| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
12979| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
12980| [58796] Apache Jetspeed Unsalted Password Storage Weakness
12981| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
12982| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
12983| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
12984| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
12985| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
12986| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
12987| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
12988| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
12989| [58775] Apache JSPWiki preview.jsp action Parameter XSS
12990| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
12991| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
12992| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
12993| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
12994| [58770] Apache JSPWiki Group.jsp group Parameter XSS
12995| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
12996| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
12997| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
12998| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
12999| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
13000| [58763] Apache JSPWiki Include Tag Multiple Script XSS
13001| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
13002| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
13003| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
13004| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
13005| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
13006| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
13007| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
13008| [58755] Apache Harmony DRLVM Non-public Class Member Access
13009| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
13010| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
13011| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
13012| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
13013| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
13014| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
13015| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
13016| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
13017| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
13018| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
13019| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
13020| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
13021| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
13022| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
13023| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
13024| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
13025| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
13026| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
13027| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
13028| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
13029| [58725] Apache Tapestry Basic String ACL Bypass Weakness
13030| [58724] Apache Roller Logout Functionality Failure Session Persistence
13031| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
13032| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
13033| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
13034| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
13035| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
13036| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
13037| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
13038| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
13039| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
13040| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
13041| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
13042| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
13043| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
13044| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
13045| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
13046| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
13047| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
13048| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
13049| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
13050| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
13051| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
13052| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
13053| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
13054| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
13055| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
13056| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
13057| [58687] Apache Axis Invalid wsdl Request XSS
13058| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
13059| [58685] Apache Velocity Template Designer Privileged Code Execution
13060| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
13061| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
13062| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
13063| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
13064| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
13065| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
13066| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
13067| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
13068| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
13069| [58667] Apache Roller Database Cleartext Passwords Disclosure
13070| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
13071| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
13072| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
13073| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
13074| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
13075| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
13076| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
13077| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
13078| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
13079| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
13080| [56984] Apache Xerces2 Java Malformed XML Input DoS
13081| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
13082| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
13083| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
13084| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
13085| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
13086| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
13087| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
13088| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
13089| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
13090| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
13091| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
13092| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
13093| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
13094| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
13095| [55056] Apache Tomcat Cross-application TLD File Manipulation
13096| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
13097| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
13098| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
13099| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
13100| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
13101| [54589] Apache Jserv Nonexistent JSP Request XSS
13102| [54122] Apache Struts s:a / s:url Tag href Element XSS
13103| [54093] Apache ActiveMQ Web Console JMS Message XSS
13104| [53932] Apache Geronimo Multiple Admin Function CSRF
13105| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
13106| [53930] Apache Geronimo /console/portal/ URI XSS
13107| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
13108| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
13109| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
13110| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
13111| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
13112| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
13113| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
13114| [53380] Apache Struts Unspecified XSS
13115| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
13116| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
13117| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
13118| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
13119| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
13120| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
13121| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
13122| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
13123| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
13124| [51151] Apache Roller Search Function q Parameter XSS
13125| [50482] PHP with Apache php_value Order Unspecified Issue
13126| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
13127| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
13128| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
13129| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
13130| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
13131| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
13132| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
13133| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
13134| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
13135| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
13136| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
13137| [47096] Oracle Weblogic Apache Connector POST Request Overflow
13138| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
13139| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
13140| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
13141| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
13142| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
13143| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
13144| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
13145| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
13146| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
13147| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
13148| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
13149| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
13150| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
13151| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
13152| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
13153| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
13154| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
13155| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
13156| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
13157| [43452] Apache Tomcat HTTP Request Smuggling
13158| [43309] Apache Geronimo LoginModule Login Method Bypass
13159| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
13160| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
13161| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
13162| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
13163| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
13164| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
13165| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
13166| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
13167| [42091] Apache Maven Site Plugin Installation Permission Weakness
13168| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
13169| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
13170| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
13171| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
13172| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
13173| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
13174| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
13175| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
13176| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
13177| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
13178| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
13179| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
13180| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
13181| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
13182| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
13183| [40262] Apache HTTP Server mod_status refresh XSS
13184| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
13185| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
13186| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
13187| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
13188| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
13189| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
13190| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
13191| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
13192| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
13193| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
13194| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
13195| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
13196| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
13197| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
13198| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
13199| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
13200| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
13201| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
13202| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
13203| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
13204| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
13205| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
13206| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
13207| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
13208| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
13209| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
13210| [36080] Apache Tomcat JSP Examples Crafted URI XSS
13211| [36079] Apache Tomcat Manager Uploaded Filename XSS
13212| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
13213| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
13214| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
13215| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
13216| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
13217| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
13218| [34881] Apache Tomcat Malformed Accept-Language Header XSS
13219| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
13220| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
13221| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
13222| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
13223| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
13224| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
13225| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
13226| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
13227| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
13228| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
13229| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
13230| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
13231| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
13232| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
13233| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
13234| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
13235| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
13236| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
13237| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
13238| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
13239| [32724] Apache mod_python _filter_read Freed Memory Disclosure
13240| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
13241| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
13242| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
13243| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
13244| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
13245| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
13246| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
13247| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
13248| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
13249| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
13250| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
13251| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
13252| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
13253| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
13254| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
13255| [24365] Apache Struts Multiple Function Error Message XSS
13256| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
13257| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
13258| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
13259| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
13260| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
13261| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
13262| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
13263| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
13264| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
13265| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
13266| [22459] Apache Geronimo Error Page XSS
13267| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
13268| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
13269| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
13270| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
13271| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
13272| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
13273| [21021] Apache Struts Error Message XSS
13274| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
13275| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
13276| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
13277| [20439] Apache Tomcat Directory Listing Saturation DoS
13278| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
13279| [20285] Apache HTTP Server Log File Control Character Injection
13280| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
13281| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
13282| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
13283| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
13284| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
13285| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
13286| [19821] Apache Tomcat Malformed Post Request Information Disclosure
13287| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
13288| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
13289| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
13290| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
13291| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
13292| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
13293| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
13294| [18233] Apache HTTP Server htdigest user Variable Overfow
13295| [17738] Apache HTTP Server HTTP Request Smuggling
13296| [16586] Apache HTTP Server Win32 GET Overflow DoS
13297| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
13298| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
13299| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
13300| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
13301| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
13302| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
13303| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
13304| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
13305| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
13306| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
13307| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
13308| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
13309| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
13310| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
13311| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
13312| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
13313| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
13314| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
13315| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
13316| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
13317| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
13318| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
13319| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
13320| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
13321| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
13322| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
13323| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
13324| [13304] Apache Tomcat realPath.jsp Path Disclosure
13325| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
13326| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
13327| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
13328| [12848] Apache HTTP Server htdigest realm Variable Overflow
13329| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
13330| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
13331| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
13332| [12557] Apache HTTP Server prefork MPM accept Error DoS
13333| [12233] Apache Tomcat MS-DOS Device Name Request DoS
13334| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
13335| [12231] Apache Tomcat web.xml Arbitrary File Access
13336| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
13337| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
13338| [12178] Apache Jakarta Lucene results.jsp XSS
13339| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
13340| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
13341| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
13342| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
13343| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
13344| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
13345| [10471] Apache Xerces-C++ XML Parser DoS
13346| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
13347| [10068] Apache HTTP Server htpasswd Local Overflow
13348| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
13349| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
13350| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
13351| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
13352| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
13353| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
13354| [9717] Apache HTTP Server mod_cookies Cookie Overflow
13355| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
13356| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
13357| [9714] Apache Authentication Module Threaded MPM DoS
13358| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
13359| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
13360| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
13361| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
13362| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
13363| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
13364| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
13365| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
13366| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
13367| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
13368| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
13369| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
13370| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
13371| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
13372| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
13373| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
13374| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
13375| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
13376| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
13377| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
13378| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
13379| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
13380| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
13381| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
13382| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
13383| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
13384| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
13385| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
13386| [9208] Apache Tomcat .jsp Encoded Newline XSS
13387| [9204] Apache Tomcat ROOT Application XSS
13388| [9203] Apache Tomcat examples Application XSS
13389| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
13390| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
13391| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
13392| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
13393| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
13394| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
13395| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
13396| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
13397| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
13398| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
13399| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
13400| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
13401| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
13402| [7611] Apache HTTP Server mod_alias Local Overflow
13403| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
13404| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
13405| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
13406| [6882] Apache mod_python Malformed Query String Variant DoS
13407| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
13408| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
13409| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
13410| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
13411| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
13412| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
13413| [5526] Apache Tomcat Long .JSP URI Path Disclosure
13414| [5278] Apache Tomcat web.xml Restriction Bypass
13415| [5051] Apache Tomcat Null Character DoS
13416| [4973] Apache Tomcat servlet Mapping XSS
13417| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
13418| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
13419| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
13420| [4568] mod_survey For Apache ENV Tags SQL Injection
13421| [4553] Apache HTTP Server ApacheBench Overflow DoS
13422| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
13423| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
13424| [4383] Apache HTTP Server Socket Race Condition DoS
13425| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
13426| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
13427| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
13428| [4231] Apache Cocoon Error Page Server Path Disclosure
13429| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
13430| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
13431| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
13432| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
13433| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
13434| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
13435| [3322] mod_php for Apache HTTP Server Process Hijack
13436| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
13437| [2885] Apache mod_python Malformed Query String DoS
13438| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
13439| [2733] Apache HTTP Server mod_rewrite Local Overflow
13440| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
13441| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
13442| [2149] Apache::Gallery Privilege Escalation
13443| [2107] Apache HTTP Server mod_ssl Host: Header XSS
13444| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
13445| [1833] Apache HTTP Server Multiple Slash GET Request DoS
13446| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
13447| [872] Apache Tomcat Multiple Default Accounts
13448| [862] Apache HTTP Server SSI Error Page XSS
13449| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
13450| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
13451| [845] Apache Tomcat MSDOS Device XSS
13452| [844] Apache Tomcat Java Servlet Error Page XSS
13453| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
13454| [838] Apache HTTP Server Chunked Encoding Remote Overflow
13455| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
13456| [775] Apache mod_python Module Importing Privilege Function Execution
13457| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
13458| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
13459| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
13460| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
13461| [637] Apache HTTP Server UserDir Directive Username Enumeration
13462| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
13463| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
13464| [562] Apache HTTP Server mod_info /server-info Information Disclosure
13465| [561] Apache Web Servers mod_status /server-status Information Disclosure
13466| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
13467| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
13468| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
13469| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
13470| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
13471| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
13472| [376] Apache Tomcat contextAdmin Arbitrary File Access
13473| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
13474| [222] Apache HTTP Server test-cgi Arbitrary File Access
13475| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
13476| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
13477|_
7172/tcp closed metalbend
7173/tcp open http Apache httpd
13480|_http-server-header: Apache
13481| vulscan: VulDB - https://vuldb.com:
13482| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
13483| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
13484| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
13485| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
13486| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
13487| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
13488| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
13489| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
13490| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
13491| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
13492| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
13493| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
13494| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
13495| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
13496| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
13497| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
13498| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
13499| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
13500| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
13501| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
13502| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
13503| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
13504| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
13505| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
13506| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
13507| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
13508| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
13509| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
13510| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
13511| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
13512| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
13513| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
13514| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
13515| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
13516| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
13517| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
13518| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
13519| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
13520| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
13521| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
13522| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
13523| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
13524| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
13525| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
13526| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
13527| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
13528| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
13529| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
13530| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
13531| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
13532| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
13533| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
13534| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
13535| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
13536| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
13537| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
13538| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
13539| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
13540| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
13541| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
13542| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
13543| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
13544| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
13545| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
13546| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
13547| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
13548| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
13549| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
13550| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
13551| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
13552| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
13553| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
13554| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
13555| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
13556| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
13557| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
13558| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
13559| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
13560| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
13561| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
13562| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
13563| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
13564| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
13565| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
13566| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
13567| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
13568| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
13569| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
13570| [136370] Apache Fineract up to 1.2.x sql injection
13571| [136369] Apache Fineract up to 1.2.x sql injection
13572| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
13573| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
13574| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
13575| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
13576| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
13577| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
13578| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
13579| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
13580| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
13581| [134416] Apache Sanselan 0.97-incubator Loop denial of service
13582| [134415] Apache Sanselan 0.97-incubator Hang denial of service
13583| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
13584| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
13585| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
13586| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
13587| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
13588| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
13589| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
13590| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
13591| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
13592| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
13593| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
13594| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
13595| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
13596| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
13597| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
13598| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
13599| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
13600| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
13601| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
13602| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
13603| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
13604| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
13605| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
13606| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
13607| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
13608| [131859] Apache Hadoop up to 2.9.1 privilege escalation
13609| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
13610| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
13611| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
13612| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
13613| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
13614| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
13615| [130629] Apache Guacamole Cookie Flag weak encryption
13616| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
13617| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
13618| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
13619| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
13620| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
13621| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
13622| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
13623| [130123] Apache Airflow up to 1.8.2 information disclosure
13624| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
13625| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
13626| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
13627| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
13628| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
13629| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
13630| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
13631| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
13632| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
13633| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
13634| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
13635| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
13636| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
13637| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
13638| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
13639| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
13640| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
13641| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
13642| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
13643| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
13644| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
13645| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
13646| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
13647| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
13648| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
13649| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
13650| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
13651| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
13652| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
13653| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
13654| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
13655| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
13656| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
13657| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
13658| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
13659| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
13660| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
13661| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
13662| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
13663| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
13664| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
13665| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
13666| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
13667| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
13668| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
13669| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
13670| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
13671| [127007] Apache Spark Request Code Execution
13672| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
13673| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
13674| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
13675| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
13676| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
13677| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
13678| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
13679| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
13680| [126346] Apache Tomcat Path privilege escalation
13681| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
13682| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
13683| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
13684| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
13685| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
13686| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
13687| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
13688| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
13689| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
13690| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
13691| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
13692| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
13693| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
13694| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
13695| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
13696| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
13697| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
13698| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
13699| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
13700| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
13701| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
13702| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
13703| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
13704| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
13705| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
13706| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
13707| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
13708| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
13709| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
13710| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
13711| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
13712| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
13713| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
13714| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
13715| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
13716| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
13717| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
13718| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
13719| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
13720| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
13721| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
13722| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
13723| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
13724| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
13725| [123197] Apache Sentry up to 2.0.0 privilege escalation
13726| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
13727| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
13728| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
13729| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
13730| [122800] Apache Spark 1.3.0 REST API weak authentication
13731| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
13732| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
13733| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
13734| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
13735| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
13736| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
13737| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
13738| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
13739| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
13740| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
13741| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
13742| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
13743| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
13744| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
13745| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
13746| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
13747| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
13748| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
13749| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
14163| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
14164| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
14165| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
14166| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
14167| [92549] Apache Tomcat on Red Hat privilege escalation
14168| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
14169| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
14170| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
14171| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
14172| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
14173| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
14174| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
14175| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
14176| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
14177| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
14544| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
14545| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
14546| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
14547| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
14548| [64006] Apache ActiveMQ up to 5.7.0 denial of service
14549| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
14550| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
14551| [8427] Apache Tomcat Session Transaction weak authentication
14552| [63960] Apache Maven 3.0.4 Default Configuration spoofing
14553| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
14554| [63750] Apache qpid up to 0.20 checkAvailable denial of service
14555| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
14556| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
14557| [63747] Apache Rave up to 0.20 User Account information disclosure
14558| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
14559| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
14560| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
14561| [7687] Apache CXF up to 2.7.2 Token weak authentication
14562| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
14563| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
14564| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
14565| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
14566| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
14567| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
14568| [63090] Apache Tomcat up to 4.1.24 denial of service
14569| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
14570| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
14571| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
14572| [62833] Apache CXF -/2.6.0 spoofing
14573| [62832] Apache Axis2 up to 1.6.2 spoofing
14574| [62831] Apache Axis up to 1.4 Java Message Service spoofing
14575| [62830] Apache Commons-httpclient 3.0 Payments spoofing
14576| [62826] Apache Libcloud up to 0.11.0 spoofing
14577| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
14578| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
14579| [62661] Apache Axis2 unknown vulnerability
14580| [62658] Apache Axis2 unknown vulnerability
14581| [62467] Apache Qpid up to 0.17 denial of service
14582| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
14583| [6301] Apache HTTP Server mod_pagespeed cross site scripting
14584| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
14585| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
14586| [62035] Apache Struts up to 2.3.4 denial of service
14587| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
14588| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
14589| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
14590| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
14591| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
14592| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
14593| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
14594| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
14595| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
14596| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
14597| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
14598| [61229] Apache Sling up to 2.1.1 denial of service
14599| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
14600| [61094] Apache Roller up to 5.0 cross site scripting
14601| [61093] Apache Roller up to 5.0 cross site request forgery
14602| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
14603| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
14604| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
14605| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
14606| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
14607| [60708] Apache Qpid 0.12 unknown vulnerability
14608| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
14609| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
14610| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
14611| [4882] Apache Wicket up to 1.5.4 directory traversal
14612| [4881] Apache Wicket up to 1.4.19 cross site scripting
14613| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
14614| [60352] Apache Struts up to 2.2.3 memory corruption
14615| [60153] Apache Portable Runtime up to 1.4.3 denial of service
14616| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
14617| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
14618| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
14619| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
14620| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
14621| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
14622| [4571] Apache Struts up to 2.3.1.2 privilege escalation
14623| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
14624| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
14625| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
14626| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
14627| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
14628| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
14629| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
14630| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
14631| [59888] Apache Tomcat up to 6.0.6 denial of service
14632| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
14633| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
14634| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
14635| [59850] Apache Geronimo up to 2.2.1 denial of service
14636| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
14637| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
14638| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
14639| [58413] Apache Tomcat up to 6.0.10 spoofing
14640| [58381] Apache Wicket up to 1.4.17 cross site scripting
14641| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
14642| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
14643| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
14644| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
14645| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
14646| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
14647| [57568] Apache Archiva up to 1.3.4 cross site scripting
14648| [57567] Apache Archiva up to 1.3.4 cross site request forgery
14649| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
14650| [4355] Apache HTTP Server APR apr_fnmatch denial of service
14651| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
14652| [57425] Apache Struts up to 2.2.1.1 cross site scripting
14653| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
14654| [57025] Apache Tomcat up to 7.0.11 information disclosure
14655| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
14656| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
14657| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
14658| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
14659| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
14660| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
14661| [56512] Apache Continuum up to 1.4.0 cross site scripting
14662| [4285] Apache Tomcat 5.x JVM getLocale denial of service
14663| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
14664| [4283] Apache Tomcat 5.x ServletContect privilege escalation
14665| [56441] Apache Tomcat up to 7.0.6 denial of service
14666| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
14667| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
14668| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
14669| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
14670| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
14671| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
14672| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
14673| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
14674| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
14675| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
14676| [54693] Apache Traffic Server DNS Cache unknown vulnerability
14677| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
14678| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
14679| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
14680| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
14681| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
14682| [54012] Apache Tomcat up to 6.0.10 denial of service
14683| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
14684| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
14685| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
14686| [52894] Apache Tomcat up to 6.0.7 information disclosure
14687| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
14688| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
14689| [52786] Apache Open For Business Project up to 09.04 cross site scripting
14690| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
14691| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
14692| [52584] Apache CouchDB up to 0.10.1 information disclosure
14693| [51757] Apache HTTP Server 2.0.44 cross site scripting
14694| [51756] Apache HTTP Server 2.0.44 spoofing
14695| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
14696| [51690] Apache Tomcat up to 6.0 directory traversal
14697| [51689] Apache Tomcat up to 6.0 information disclosure
14698| [51688] Apache Tomcat up to 6.0 directory traversal
14699| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
14700| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
14701| [50626] Apache Solr 1.0.0 cross site scripting
14702| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
14703| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
14704| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
14705| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
14706| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
14707| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
14708| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
14709| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
14710| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
14711| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
14712| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
14713| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
14714| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
14715| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
14716| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
14717| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
14718| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
14719| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
14720| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
14721| [47214] Apachefriends xampp 1.6.8 spoofing
14722| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
14723| [47162] Apachefriends XAMPP 1.4.4 weak authentication
14724| [47065] Apache Tomcat 4.1.23 cross site scripting
14725| [46834] Apache Tomcat up to 5.5.20 cross site scripting
14726| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
14727| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
14728| [86625] Apache Struts directory traversal
14729| [44461] Apache Tomcat up to 5.5.0 information disclosure
14730| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
14731| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
14732| [43663] Apache Tomcat up to 6.0.16 directory traversal
14733| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
14734| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
14735| [43516] Apache Tomcat up to 4.1.20 directory traversal
14736| [43509] Apache Tomcat up to 6.0.13 cross site scripting
14737| [42637] Apache Tomcat up to 6.0.16 cross site scripting
14738| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
14739| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
14740| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
14741| [40924] Apache Tomcat up to 6.0.15 information disclosure
14742| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
14743| [40922] Apache Tomcat up to 6.0 information disclosure
14744| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
14745| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
14746| [40656] Apache Tomcat 5.5.20 information disclosure
14747| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
14748| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
14749| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
14750| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
14751| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
14752| [40234] Apache Tomcat up to 6.0.15 directory traversal
14753| [40221] Apache HTTP Server 2.2.6 information disclosure
14754| [40027] David Castro Apache Authcas 0.4 sql injection
14755| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
14756| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
14757| [3414] Apache Tomcat WebDAV Stored privilege escalation
14758| [39489] Apache Jakarta Slide up to 2.1 directory traversal
14759| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
14760| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
14761| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
14762| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
14763| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
14764| [38524] Apache Geronimo 2.0 unknown vulnerability
14765| [3256] Apache Tomcat up to 6.0.13 cross site scripting
14766| [38331] Apache Tomcat 4.1.24 information disclosure
14767| [38330] Apache Tomcat 4.1.24 information disclosure
14768| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
14769| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
14770| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
14771| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
14772| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
14773| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
14774| [37292] Apache Tomcat up to 5.5.1 cross site scripting
14775| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
14776| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
14777| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
14778| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
14779| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
14780| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
14781| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
14782| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
14783| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
14784| [36225] XAMPP Apache Distribution 1.6.0a sql injection
14785| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
14786| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
14787| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
14788| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
14789| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
14790| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
14791| [34252] Apache HTTP Server denial of service
14792| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
14793| [33877] Apache Opentaps 0.9.3 cross site scripting
14794| [33876] Apache Open For Business Project unknown vulnerability
14795| [33875] Apache Open For Business Project cross site scripting
14796| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
14797| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
14798|
14799| MITRE CVE - https://cve.mitre.org:
14800| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
14801| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
14802| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
14803| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
14804| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
14805| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
14806| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
14807| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
14808| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
14809| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
14810| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
14811| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
14812| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
14813| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
14814| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
14815| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
14816| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
14817| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
14818| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
14819| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
14820| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
14821| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
14822| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
14823| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
14824| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
14825| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
14826| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
14827| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
14828| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
14944| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
14945| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
15021| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
15022| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
15123| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
15124| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
15125| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
15126| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
15127| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
15128| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
15129| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
15130| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
15131| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
15132| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
15133| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
15134| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
15135| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
15136| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
15137| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
15138| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
15139| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
15140| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
15141| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
15142| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
15143| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
15144| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
15145| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
15146| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
15147| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15148| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
15149| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
15150| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
15151| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
15152| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15153| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
15154| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
15155| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
15156| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
15157| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
15158| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
15159| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
15160| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
15161| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
15162| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
15163| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
15164| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
15165| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
15166| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15167| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15168| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
15169| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
15170| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
15171| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
15172| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
15173| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
15174| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
15175| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15176| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
15177| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
15178| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
15179| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
15180| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
15181| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15182| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
15183| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15184| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
15185| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
15186| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
15187| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
15188| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
15189| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
15190| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
15191| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
15192| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
15193| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
15194| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
15195| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
15196| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
15197| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
15198| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
15199| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
15200| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
15201| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
15202| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
15203| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
15204| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
15205| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
15206| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
15207| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
15208| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
15209| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
15210| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
15211| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
15339| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
15340| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
15341| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
15342| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
15343| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
15344| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
15345| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
15346| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
15347| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
15348| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
15349| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
15350| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
15351| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
15352| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
15353| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
15354| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
15355| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
15356| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
15357| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
15358| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
15359| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
15360| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
15361| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
15362| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
15363| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
15364| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
15365| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
15366| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
15367| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
15368| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
15369| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
15370| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
15371| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
15372| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
15373| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
15374| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
15375| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
15376| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
15377| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
15378| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.
15379| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
15380| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
15381| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
15382| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
15383| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
15384| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
15385| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
15386| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
15387| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
15388| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
15389| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
15390| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
15391| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
15392| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
15393| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
15394| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
15395| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
15396| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
15397| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
15398| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
15399| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
15400| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
15401| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
15402| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
15403| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
15404| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
15405| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
15406| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
15407| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
15408| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
15409|
15410| SecurityFocus - https://www.securityfocus.com/bid/:
15411| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
15412| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
15413| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
15414| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
15415| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
15416| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
15417| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
15418| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
15419| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
15420| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
15421| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
15422| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
15423| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
15424| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
15425| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
15426| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
15427| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
15428| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
15429| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
15430| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
15431| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
15432| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
15433| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
15434| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
15435| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
15436| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
15437| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
15438| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
15439| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
15440| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
15441| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
15442| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
15443| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
15444| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
15445| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
15446| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
15447| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
15448| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
15449| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
15450| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
15451| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
15452| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
15453| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
15454| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
15455| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
15456| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
15457| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
15458| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
15459| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
15460| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
15461| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
15462| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
15463| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
15464| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
15465| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
15466| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
15467| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
15468| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
15469| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
15470| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
15471| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
15472| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
15473| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
15474| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
15475| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
15476| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
15477| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
15478| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
15479| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
15480| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
15481| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
15482| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
15483| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
15484| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
15485| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
15486| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
15487| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
15488| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
15489| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
15490| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
15491| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
15492| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
15493| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
15494| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
15495| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
15496| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
15497| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
15498| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
15499| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
15500| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
15501| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
15502| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
15503| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
15504| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
15505| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
15506| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
15507| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
15508| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
15509| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
15510| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
15511| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
15512| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
15513| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
15514| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
15515| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
15516| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
15517| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
15518| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
15519| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
15520| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
15521| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
15522| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
15523| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
15524| [100447] Apache2Triad Multiple Security Vulnerabilities
15525| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
15526| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
15527| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
15528| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
15529| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
15530| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
15531| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
15532| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
15533| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
15534| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
15535| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
15536| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
15537| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
15538| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
15969| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
15970| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
15971| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
15972| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
15973| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
15974| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
15975| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
15976| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
15977| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
15978| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
15979| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
15980| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
15981| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
15982| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
15983| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
15984| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
15985| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
15986| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
15987| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
15988| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
15989| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
15990| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
15991| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
15992| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
15993| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
15994| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
15995| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
15996| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
15997| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
15998| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
16355| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
16356| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
16357| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
16358| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
16359| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
16360| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
16361| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
16362| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
16363| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
16364| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
16365| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
16366| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
16367| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
16368| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
16369| [3596] Apache Split-Logfile File Append Vulnerability
16370| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
16371| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
16372| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
16373| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
16374| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
16375| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
16376| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
16377| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
16378| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
16379| [3169] Apache Server Address Disclosure Vulnerability
16380| [3009] Apache Possible Directory Index Disclosure Vulnerability
16381| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
16382| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
16383| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
16384| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
16385| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
16386| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
16387| [2216] Apache Web Server DoS Vulnerability
16388| [2182] Apache /tmp File Race Vulnerability
16389| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
16390| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
16391| [1821] Apache mod_cookies Buffer Overflow Vulnerability
16392| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
16393| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
16394| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
16395| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
16396| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
16397| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
16398| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
16399| [1457] Apache::ASP source.asp Example Script Vulnerability
16400| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
16401| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
16402|
16403| IBM X-Force - https://exchange.xforce.ibmcloud.com:
16404| [86258] Apache CloudStack text fields cross-site scripting
16405| [85983] Apache Subversion mod_dav_svn module denial of service
16406| [85875] Apache OFBiz UEL code execution
16407| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
16408| [85871] Apache HTTP Server mod_session_dbd unspecified
16409| [85756] Apache Struts OGNL expression command execution
16410| [85755] Apache Struts DefaultActionMapper class open redirect
16411| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
16412| [85574] Apache HTTP Server mod_dav denial of service
16413| [85573] Apache Struts Showcase App OGNL code execution
16414| [85496] Apache CXF denial of service
16415| [85423] Apache Geronimo RMI classloader code execution
16416| [85326] Apache Santuario XML Security for C++ buffer overflow
16417| [85323] Apache Santuario XML Security for Java spoofing
16418| [85319] Apache Qpid Python client SSL spoofing
16419| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
16420| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
16421| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
16422| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
16423| [84952] Apache Tomcat CVE-2012-3544 denial of service
16424| [84763] Apache Struts CVE-2013-2135 security bypass
16425| [84762] Apache Struts CVE-2013-2134 security bypass
16426| [84719] Apache Subversion CVE-2013-2088 command execution
16427| [84718] Apache Subversion CVE-2013-2112 denial of service
16428| [84717] Apache Subversion CVE-2013-1968 denial of service
16429| [84577] Apache Tomcat security bypass
16430| [84576] Apache Tomcat symlink
16431| [84543] Apache Struts CVE-2013-2115 security bypass
16432| [84542] Apache Struts CVE-2013-1966 security bypass
16433| [84154] Apache Tomcat session hijacking
16434| [84144] Apache Tomcat denial of service
16435| [84143] Apache Tomcat information disclosure
16436| [84111] Apache HTTP Server command execution
16437| [84043] Apache Virtual Computing Lab cross-site scripting
16438| [84042] Apache Virtual Computing Lab cross-site scripting
16439| [83782] Apache CloudStack information disclosure
16440| [83781] Apache CloudStack security bypass
16441| [83720] Apache ActiveMQ cross-site scripting
16442| [83719] Apache ActiveMQ denial of service
16443| [83718] Apache ActiveMQ denial of service
16444| [83263] Apache Subversion denial of service
16445| [83262] Apache Subversion denial of service
16446| [83261] Apache Subversion denial of service
16447| [83259] Apache Subversion denial of service
16448| [83035] Apache mod_ruid2 security bypass
16449| [82852] Apache Qpid federation_tag security bypass
16450| [82851] Apache Qpid qpid::framing::Buffer denial of service
16451| [82758] Apache Rave User RPC API information disclosure
16452| [82663] Apache Subversion svn_fs_file_length() denial of service
16453| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
16454| [82641] Apache Qpid AMQP denial of service
16455| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
16456| [82618] Apache Commons FileUpload symlink
16457| [82360] Apache HTTP Server manager interface cross-site scripting
16458| [82359] Apache HTTP Server hostnames cross-site scripting
16459| [82338] Apache Tomcat log/logdir information disclosure
16460| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
16461| [82268] Apache OpenJPA deserialization command execution
16462| [81981] Apache CXF UsernameTokens security bypass
16463| [81980] Apache CXF WS-Security security bypass
16464| [81398] Apache OFBiz cross-site scripting
16465| [81240] Apache CouchDB directory traversal
16466| [81226] Apache CouchDB JSONP code execution
16467| [81225] Apache CouchDB Futon user interface cross-site scripting
16468| [81211] Apache Axis2/C SSL spoofing
16469| [81167] Apache CloudStack DeployVM information disclosure
16470| [81166] Apache CloudStack AddHost API information disclosure
16471| [81165] Apache CloudStack createSSHKeyPair API information disclosure
16472| [80518] Apache Tomcat cross-site request forgery security bypass
16473| [80517] Apache Tomcat FormAuthenticator security bypass
16474| [80516] Apache Tomcat NIO denial of service
16475| [80408] Apache Tomcat replay-countermeasure security bypass
16476| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
16477| [80317] Apache Tomcat slowloris denial of service
16478| [79984] Apache Commons HttpClient SSL spoofing
16479| [79983] Apache CXF SSL spoofing
16480| [79830] Apache Axis2/Java SSL spoofing
16481| [79829] Apache Axis SSL spoofing
16482| [79809] Apache Tomcat DIGEST security bypass
16483| [79806] Apache Tomcat parseHeaders() denial of service
16484| [79540] Apache OFBiz unspecified
16485| [79487] Apache Axis2 SAML security bypass
16486| [79212] Apache Cloudstack code execution
16487| [78734] Apache CXF SOAP Action security bypass
16488| [78730] Apache Qpid broker denial of service
16489| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
16490| [78563] Apache mod_pagespeed module unspecified cross-site scripting
16491| [78562] Apache mod_pagespeed module security bypass
16492| [78454] Apache Axis2 security bypass
16493| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
16494| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
16495| [78321] Apache Wicket unspecified cross-site scripting
16496| [78183] Apache Struts parameters denial of service
16497| [78182] Apache Struts cross-site request forgery
16498| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
16499| [77987] mod_rpaf module for Apache denial of service
16500| [77958] Apache Struts skill name code execution
16501| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
16502| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
16503| [77568] Apache Qpid broker security bypass
16504| [77421] Apache Libcloud spoofing
16505| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
16506| [77046] Oracle Solaris Apache HTTP Server information disclosure
16507| [76837] Apache Hadoop information disclosure
16508| [76802] Apache Sling CopyFrom denial of service
16509| [76692] Apache Hadoop symlink
16510| [76535] Apache Roller console cross-site request forgery
16511| [76534] Apache Roller weblog cross-site scripting
16512| [76152] Apache CXF elements security bypass
16513| [76151] Apache CXF child policies security bypass
16514| [75983] MapServer for Windows Apache file include
16515| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
16516| [75558] Apache POI denial of service
16517| [75545] PHP apache_request_headers() buffer overflow
16518| [75302] Apache Qpid SASL security bypass
16519| [75211] Debian GNU/Linux apache 2 cross-site scripting
16520| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
16521| [74871] Apache OFBiz FlexibleStringExpander code execution
16522| [74870] Apache OFBiz multiple cross-site scripting
16523| [74750] Apache Hadoop unspecified spoofing
16524| [74319] Apache Struts XSLTResult.java file upload
16525| [74313] Apache Traffic Server header buffer overflow
16526| [74276] Apache Wicket directory traversal
16527| [74273] Apache Wicket unspecified cross-site scripting
16528| [74181] Apache HTTP Server mod_fcgid module denial of service
16529| [73690] Apache Struts OGNL code execution
16530| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
16531| [73100] Apache MyFaces in directory traversal
16532| [73096] Apache APR hash denial of service
16533| [73052] Apache Struts name cross-site scripting
16534| [73030] Apache CXF UsernameToken security bypass
16535| [72888] Apache Struts lastName cross-site scripting
16536| [72758] Apache HTTP Server httpOnly information disclosure
16537| [72757] Apache HTTP Server MPM denial of service
16538| [72585] Apache Struts ParameterInterceptor security bypass
16539| [72438] Apache Tomcat Digest security bypass
16540| [72437] Apache Tomcat Digest security bypass
16541| [72436] Apache Tomcat DIGEST security bypass
16542| [72425] Apache Tomcat parameter denial of service
16543| [72422] Apache Tomcat request object information disclosure
16544| [72377] Apache HTTP Server scoreboard security bypass
16545| [72345] Apache HTTP Server HTTP request denial of service
16546| [72229] Apache Struts ExceptionDelegator command execution
16547| [72089] Apache Struts ParameterInterceptor directory traversal
16548| [72088] Apache Struts CookieInterceptor command execution
16549| [72047] Apache Geronimo hash denial of service
16550| [72016] Apache Tomcat hash denial of service
16551| [71711] Apache Struts OGNL expression code execution
16552| [71654] Apache Struts interfaces security bypass
16553| [71620] Apache ActiveMQ failover denial of service
16554| [71617] Apache HTTP Server mod_proxy module information disclosure
16555| [71508] Apache MyFaces EL security bypass
16556| [71445] Apache HTTP Server mod_proxy security bypass
16557| [71203] Apache Tomcat servlets privilege escalation
16558| [71181] Apache HTTP Server ap_pregsub() denial of service
16559| [71093] Apache HTTP Server ap_pregsub() buffer overflow
16560| [70336] Apache HTTP Server mod_proxy information disclosure
16561| [69804] Apache HTTP Server mod_proxy_ajp denial of service
16562| [69472] Apache Tomcat AJP security bypass
16563| [69396] Apache HTTP Server ByteRange filter denial of service
16564| [69394] Apache Wicket multi window support cross-site scripting
16565| [69176] Apache Tomcat XML information disclosure
16566| [69161] Apache Tomcat jsvc information disclosure
16567| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
16568| [68541] Apache Tomcat sendfile information disclosure
16569| [68420] Apache XML Security denial of service
16570| [68238] Apache Tomcat JMX information disclosure
16571| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
16572| [67804] Apache Subversion control rules information disclosure
16573| [67803] Apache Subversion control rules denial of service
16574| [67802] Apache Subversion baselined denial of service
16575| [67672] Apache Archiva multiple cross-site scripting
16576| [67671] Apache Archiva multiple cross-site request forgery
16577| [67564] Apache APR apr_fnmatch() denial of service
16578| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
16579| [67515] Apache Tomcat annotations security bypass
16580| [67480] Apache Struts s:submit information disclosure
16581| [67414] Apache APR apr_fnmatch() denial of service
16582| [67356] Apache Struts javatemplates cross-site scripting
16583| [67354] Apache Struts Xwork cross-site scripting
16584| [66676] Apache Tomcat HTTP BIO information disclosure
16585| [66675] Apache Tomcat web.xml security bypass
16586| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
16587| [66241] Apache HttpComponents information disclosure
16588| [66154] Apache Tomcat ServletSecurity security bypass
16589| [65971] Apache Tomcat ServletSecurity security bypass
16590| [65876] Apache Subversion mod_dav_svn denial of service
16591| [65343] Apache Continuum unspecified cross-site scripting
16592| [65162] Apache Tomcat NIO connector denial of service
16593| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
16594| [65160] Apache Tomcat HTML Manager interface cross-site scripting
16595| [65159] Apache Tomcat ServletContect security bypass
16596| [65050] Apache CouchDB web-based administration UI cross-site scripting
16597| [64773] Oracle HTTP Server Apache Plugin unauthorized access
16598| [64473] Apache Subversion blame -g denial of service
16599| [64472] Apache Subversion walk() denial of service
16600| [64407] Apache Axis2 CVE-2010-0219 code execution
16601| [63926] Apache Archiva password privilege escalation
16602| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
16603| [63493] Apache Archiva credentials cross-site request forgery
16604| [63477] Apache Tomcat HttpOnly session hijacking
16605| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
16606| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
16607| [62959] Apache Shiro filters security bypass
16608| [62790] Apache Perl cgi module denial of service
16609| [62576] Apache Qpid exchange denial of service
16610| [62575] Apache Qpid AMQP denial of service
16611| [62354] Apache Qpid SSL denial of service
16612| [62235] Apache APR-util apr_brigade_split_line() denial of service
16613| [62181] Apache XML-RPC SAX Parser information disclosure
16614| [61721] Apache Traffic Server cache poisoning
16615| [61202] Apache Derby BUILTIN authentication functionality information disclosure
16616| [61186] Apache CouchDB Futon cross-site request forgery
16617| [61169] Apache CXF DTD denial of service
16618| [61070] Apache Jackrabbit search.jsp SQL injection
16619| [61006] Apache SLMS Quoting cross-site request forgery
16620| [60962] Apache Tomcat time cross-site scripting
16621| [60883] Apache mod_proxy_http information disclosure
16622| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
16623| [60264] Apache Tomcat Transfer-Encoding denial of service
16624| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
16625| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
16626| [59413] Apache mod_proxy_http timeout information disclosure
16627| [59058] Apache MyFaces unencrypted view state cross-site scripting
16628| [58827] Apache Axis2 xsd file include
16629| [58790] Apache Axis2 modules cross-site scripting
16630| [58299] Apache ActiveMQ queueBrowse cross-site scripting
16631| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
16632| [58056] Apache ActiveMQ .jsp source code disclosure
16633| [58055] Apache Tomcat realm name information disclosure
16634| [58046] Apache HTTP Server mod_auth_shadow security bypass
16635| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
16636| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
16637| [57429] Apache CouchDB algorithms information disclosure
16638| [57398] Apache ActiveMQ Web console cross-site request forgery
16639| [57397] Apache ActiveMQ createDestination.action cross-site scripting
16640| [56653] Apache HTTP Server DNS spoofing
16641| [56652] Apache HTTP Server DNS cross-site scripting
16642| [56625] Apache HTTP Server request header information disclosure
16643| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
16644| [56623] Apache HTTP Server mod_proxy_ajp denial of service
16645| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
16646| [55857] Apache Tomcat WAR files directory traversal
16647| [55856] Apache Tomcat autoDeploy attribute security bypass
16648| [55855] Apache Tomcat WAR directory traversal
16649| [55210] Intuit component for Joomla! Apache information disclosure
16650| [54533] Apache Tomcat 404 error page cross-site scripting
16651| [54182] Apache Tomcat admin default password
16652| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
16653| [53666] Apache HTTP Server Solaris pollset support denial of service
16654| [53650] Apache HTTP Server HTTP basic-auth module security bypass
16655| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
16656| [53041] mod_proxy_ftp module for Apache denial of service
16657| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
16658| [51953] Apache Tomcat Path Disclosure
16659| [51952] Apache Tomcat Path Traversal
16660| [51951] Apache stronghold-status Information Disclosure
16661| [51950] Apache stronghold-info Information Disclosure
16662| [51949] Apache PHP Source Code Disclosure
16663| [51948] Apache Multiviews Attack
16664| [51946] Apache JServ Environment Status Information Disclosure
16665| [51945] Apache error_log Information Disclosure
16666| [51944] Apache Default Installation Page Pattern Found
16667| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
16668| [51942] Apache AXIS XML External Entity File Retrieval
16669| [51941] Apache AXIS Sample Servlet Information Leak
16670| [51940] Apache access_log Information Disclosure
16671| [51626] Apache mod_deflate denial of service
16672| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
16673| [51365] Apache Tomcat RequestDispatcher security bypass
16674| [51273] Apache HTTP Server Incomplete Request denial of service
16675| [51195] Apache Tomcat XML information disclosure
16676| [50994] Apache APR-util xml/apr_xml.c denial of service
16677| [50993] Apache APR-util apr_brigade_vprintf denial of service
16678| [50964] Apache APR-util apr_strmatch_precompile() denial of service
16679| [50930] Apache Tomcat j_security_check information disclosure
16680| [50928] Apache Tomcat AJP denial of service
16681| [50884] Apache HTTP Server XML ENTITY denial of service
16682| [50808] Apache HTTP Server AllowOverride privilege escalation
16683| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
16684| [50059] Apache mod_proxy_ajp information disclosure
16685| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
16686| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
16687| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
16688| [49921] Apache ActiveMQ Web interface cross-site scripting
16689| [49898] Apache Geronimo Services/Repository directory traversal
16690| [49725] Apache Tomcat mod_jk module information disclosure
16691| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
16692| [49712] Apache Struts unspecified cross-site scripting
16693| [49213] Apache Tomcat cal2.jsp cross-site scripting
16694| [48934] Apache Tomcat POST doRead method information disclosure
16695| [48211] Apache Tomcat header HTTP request smuggling
16696| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
16697| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
16698| [47709] Apache Roller "
16699| [47104] Novell Netware ApacheAdmin console security bypass
16700| [47086] Apache HTTP Server OS fingerprinting unspecified
16701| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
16702| [45791] Apache Tomcat RemoteFilterValve security bypass
16703| [44435] Oracle WebLogic Apache Connector buffer overflow
16704| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
16705| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
16706| [44156] Apache Tomcat RequestDispatcher directory traversal
16707| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
16708| [43885] Oracle WebLogic Server Apache Connector buffer overflow
16709| [42987] Apache HTTP Server mod_proxy module denial of service
16710| [42915] Apache Tomcat JSP files path disclosure
16711| [42914] Apache Tomcat MS-DOS path disclosure
16712| [42892] Apache Tomcat unspecified unauthorized access
16713| [42816] Apache Tomcat Host Manager cross-site scripting
16714| [42303] Apache 403 error cross-site scripting
16715| [41618] Apache-SSL ExpandCert() authentication bypass
16716| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
16717| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
16718| [40614] Apache mod_jk2 HTTP Host header buffer overflow
16719| [40562] Apache Geronimo init information disclosure
16720| [40478] Novell Web Manager webadmin-apache.conf security bypass
16721| [40411] Apache Tomcat exception handling information disclosure
16722| [40409] Apache Tomcat native (APR based) connector weak security
16723| [40403] Apache Tomcat quotes and %5C cookie information disclosure
16724| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
16725| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
16726| [39867] Apache HTTP Server mod_negotiation cross-site scripting
16727| [39804] Apache Tomcat SingleSignOn information disclosure
16728| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
16729| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
16730| [39608] Apache HTTP Server balancer manager cross-site request forgery
16731| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
16732| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
16733| [39472] Apache HTTP Server mod_status cross-site scripting
16734| [39201] Apache Tomcat JULI logging weak security
16735| [39158] Apache HTTP Server Windows SMB shares information disclosure
16736| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
16737| [38951] Apache::AuthCAS Perl module cookie SQL injection
16738| [38800] Apache HTTP Server 413 error page cross-site scripting
16739| [38211] Apache Geronimo SQLLoginModule authentication bypass
16740| [37243] Apache Tomcat WebDAV directory traversal
16741| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
16742| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
16743| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
16744| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
16745| [36782] Apache Geronimo MEJB unauthorized access
16746| [36586] Apache HTTP Server UTF-7 cross-site scripting
16747| [36468] Apache Geronimo LoginModule security bypass
16748| [36467] Apache Tomcat functions.jsp cross-site scripting
16749| [36402] Apache Tomcat calendar cross-site request forgery
16750| [36354] Apache HTTP Server mod_proxy module denial of service
16751| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
16752| [36336] Apache Derby lock table privilege escalation
16753| [36335] Apache Derby schema privilege escalation
16754| [36006] Apache Tomcat "
16755| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
16756| [35999] Apache Tomcat \"
16757| [35795] Apache Tomcat CookieExample cross-site scripting
16758| [35536] Apache Tomcat SendMailServlet example cross-site scripting
16759| [35384] Apache HTTP Server mod_cache module denial of service
16760| [35097] Apache HTTP Server mod_status module cross-site scripting
16761| [35095] Apache HTTP Server Prefork MPM module denial of service
16762| [34984] Apache HTTP Server recall_headers information disclosure
16763| [34966] Apache HTTP Server MPM content spoofing
16764| [34965] Apache HTTP Server MPM information disclosure
16765| [34963] Apache HTTP Server MPM multiple denial of service
16766| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
16767| [34869] Apache Tomcat JSP example Web application cross-site scripting
16768| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
16769| [34496] Apache Tomcat JK Connector security bypass
16770| [34377] Apache Tomcat hello.jsp cross-site scripting
16771| [34212] Apache Tomcat SSL configuration security bypass
16772| [34210] Apache Tomcat Accept-Language cross-site scripting
16773| [34209] Apache Tomcat calendar application cross-site scripting
16774| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
16775| [34167] Apache Axis WSDL file path disclosure
16776| [34068] Apache Tomcat AJP connector information disclosure
16777| [33584] Apache HTTP Server suEXEC privilege escalation
16778| [32988] Apache Tomcat proxy module directory traversal
16779| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
16780| [32708] Debian Apache tty privilege escalation
16781| [32441] ApacheStats extract() PHP call unspecified
16782| [32128] Apache Tomcat default account
16783| [31680] Apache Tomcat RequestParamExample cross-site scripting
16784| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
17288| [101023] Apache Open For Business Weak Password security check
17289| [101020] Apache Open For Business HTML injection vulnerability
17290| [101019] Apache Open For Business service detection
17291| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
17292| [100923] Apache Archiva Detection
17293| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
17294| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
17295| [100813] Apache Axis2 Detection
17296| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
17297| [100795] Apache Derby Detection
17298| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
17299| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
17300| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
17301| [100514] Apache Multiple Security Vulnerabilities
17302| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
17303| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
17304| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
17305| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
17680| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
17681| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
17682| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
17683| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
17684| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
17685|
17686| OSVDB - http://www.osvdb.org:
17687| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
17688| [96077] Apache CloudStack Global Settings Multiple Field XSS
17689| [96076] Apache CloudStack Instances Menu Display Name Field XSS
17690| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
17691| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
17692| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
17693| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
17694| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
17695| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
17696| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
17697| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
17698| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
17699| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
17700| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
17701| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
17702| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
17703| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
17704| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
17705| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
17706| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
17707| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
17708| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
17709| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
17710| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
17711| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
17712| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
17713| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
17714| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
17715| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
17716| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
17717| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
17718| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
17719| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
17720| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
17721| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
17722| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
17723| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
17724| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
17725| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
17726| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
17727| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
17728| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
17729| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
17730| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
17731| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
17732| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
17733| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
17734| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
17735| [94279] Apache Qpid CA Certificate Validation Bypass
17736| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
17737| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
17738| [94042] Apache Axis JAX-WS Java Unspecified Exposure
17739| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
17740| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
17741| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
17742| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
17743| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
17744| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
17745| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
17746| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
17747| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
17748| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
17749| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
17750| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
17751| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
17752| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
17753| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
17754| [93541] Apache Solr json.wrf Callback XSS
17755| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
17756| [93521] Apache jUDDI Security API Token Session Persistence Weakness
17757| [93520] Apache CloudStack Default SSL Key Weakness
17758| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
17759| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
17760| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
17761| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
17762| [93515] Apache HBase table.jsp name Parameter XSS
17763| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
17764| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
17765| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
17766| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
17767| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
17768| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
17769| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
17770| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
17771| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
17772| [93252] Apache Tomcat FORM Authenticator Session Fixation
17773| [93172] Apache Camel camel/endpoints/ Endpoint XSS
17774| [93171] Apache Sling HtmlResponse Error Message XSS
17775| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
17776| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
17777| [93168] Apache Click ErrorReport.java id Parameter XSS
17778| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
17779| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
17780| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
17781| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
17782| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
17783| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
17784| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
17785| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
17786| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
17787| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
17788| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
17789| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
17790| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
17791| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
17792| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
17793| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
17794| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
17795| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
17796| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
17797| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
17798| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
17799| [93144] Apache Solr Admin Command Execution CSRF
17800| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
17801| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
17802| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
17803| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
17804| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
17805| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
17806| [92748] Apache CloudStack VM Console Access Restriction Bypass
17807| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
17808| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
17809| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
17810| [92706] Apache ActiveMQ Debug Log Rendering XSS
17811| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
17812| [92270] Apache Tomcat Unspecified CSRF
17813| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
17814| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
17815| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
17816| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
17817| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
17818| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
17819| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
17820| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
17821| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
17822| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
17823| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
17824| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
17825| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
17826| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
17827| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
17828| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
17829| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
17830| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
17831| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
17832| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
17833| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
17834| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
17835| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
17836| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
17837| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
17838| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
17839| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
17840| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
17841| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
17842| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
17843| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
17844| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
17845| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
17846| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
17847| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
17848| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
17849| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
17850| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
17851| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
17852| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
17853| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
17854| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
17855| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
17856| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
17857| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
17858| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
17859| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
17860| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
17861| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
17862| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
17863| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
17864| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
17865| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
17866| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
17867| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
17868| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
17869| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
17870| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
17871| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
17872| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
17873| [86901] Apache Tomcat Error Message Path Disclosure
17874| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
17875| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
17876| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
17877| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
17878| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
17879| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
17880| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
17881| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
17882| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
17883| [85430] Apache mod_pagespeed Module Unspecified XSS
17884| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
17885| [85249] Apache Wicket Unspecified XSS
17886| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
17887| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
17888| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
17889| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
17890| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
17891| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
17892| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
17893| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
17894| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
17895| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
17896| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
17897| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
17898| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
17899| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
17900| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
17901| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
17902| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
17903| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
17904| [83339] Apache Roller Blogger Roll Unspecified XSS
17905| [83270] Apache Roller Unspecified Admin Action CSRF
17906| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
17907| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
17908| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
17909| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
17910| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
17911| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
17912| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
17913| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
17914| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
17915| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
17916| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
17917| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
17918| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
17919| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
17920| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
17921| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
17922| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
17923| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
17924| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
17925| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
17926| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
17927| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
17928| [80300] Apache Wicket wicket:pageMapName Parameter XSS
17929| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
17930| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
17931| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
17932| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
17933| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
17934| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
17935| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
17936| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
17937| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
17938| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
17939| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
17940| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
17941| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
17942| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
17943| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
17944| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
17945| [78331] Apache Tomcat Request Object Recycling Information Disclosure
17946| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
17947| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
17948| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
17949| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
17950| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
17951| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
17952| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
17953| [77593] Apache Struts Conversion Error OGNL Expression Injection
17954| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
17955| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
17956| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
17957| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
17958| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
17959| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
17960| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
17961| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
17962| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
17963| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
17964| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
17965| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
17966| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
17967| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
17968| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
17969| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
17970| [74725] Apache Wicket Multi Window Support Unspecified XSS
17971| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
17972| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
17973| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
17974| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
17975| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
17976| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
17977| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
17978| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
17979| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
17980| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
17981| [73644] Apache XML Security Signature Key Parsing Overflow DoS
17982| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
17983| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
17984| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
17985| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
17986| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
17987| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
17988| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
17989| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
17990| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
17991| [73154] Apache Archiva Multiple Unspecified CSRF
17992| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
17993| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
17994| [72238] Apache Struts Action / Method Names <
17995| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
17996| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
17997| [71557] Apache Tomcat HTML Manager Multiple XSS
17998| [71075] Apache Archiva User Management Page XSS
17999| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
18000| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
18001| [70924] Apache Continuum Multiple Admin Function CSRF
18002| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
18003| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
18004| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
18005| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
18006| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
18007| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
18008| [69520] Apache Archiva Administrator Credential Manipulation CSRF
18009| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
18010| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
18011| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
18012| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
18013| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
18014| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
18015| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
18016| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
18017| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
18018| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
18019| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
18020| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
18021| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
18022| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
18023| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
18024| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
18025| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
18026| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
18027| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
18028| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
18029| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
18030| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
18031| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
18032| [65054] Apache ActiveMQ Jetty Error Handler XSS
18033| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
18034| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
18035| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
18036| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
18037| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
18038| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
18039| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
18040| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
18041| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
18042| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
18043| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
18044| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
18045| [63895] Apache HTTP Server mod_headers Unspecified Issue
18046| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
18047| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
18048| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
18049| [63140] Apache Thrift Service Malformed Data Remote DoS
18050| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
18051| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
18052| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
18053| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
18054| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
18055| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
18056| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
18057| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
18058| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
18059| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
18060| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
18061| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
18062| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
18063| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
18064| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
18065| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
18066| [60678] Apache Roller Comment Email Notification Manipulation DoS
18067| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
18068| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
18069| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
18070| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
18071| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
18072| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
18073| [60232] PHP on Apache php.exe Direct Request Remote DoS
18074| [60176] Apache Tomcat Windows Installer Admin Default Password
18075| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
18076| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
18077| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
18078| [59944] Apache Hadoop jobhistory.jsp XSS
18079| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
18080| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
18081| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
18082| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
18083| [59019] Apache mod_python Cookie Salting Weakness
18084| [59018] Apache Harmony Error Message Handling Overflow
18085| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
18086| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
18087| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
18088| [59010] Apache Solr get-file.jsp XSS
18089| [59009] Apache Solr action.jsp XSS
18090| [59008] Apache Solr analysis.jsp XSS
18091| [59007] Apache Solr schema.jsp Multiple Parameter XSS
18092| [59006] Apache Beehive select / checkbox Tag XSS
18093| [59005] Apache Beehive jpfScopeID Global Parameter XSS
18094| [59004] Apache Beehive Error Message XSS
18095| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
18096| [59002] Apache Jetspeed default-page.psml URI XSS
18097| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
18098| [59000] Apache CXF Unsigned Message Policy Bypass
18099| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
18100| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
18101| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
18102| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
18103| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
18104| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
18105| [58993] Apache Hadoop browseBlock.jsp XSS
18106| [58991] Apache Hadoop browseDirectory.jsp XSS
18107| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
18108| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
18109| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
18110| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
18111| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
18112| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
18113| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
18114| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
18115| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
18116| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
18117| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
18118| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
18119| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
18120| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
18121| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
18122| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
18123| [58974] Apache Sling /apps Script User Session Management Access Weakness
18124| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
18125| [58931] Apache Geronimo Cookie Parameters Validation Weakness
18126| [58930] Apache Xalan-C++ XPath Handling Remote DoS
18127| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
18128| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
18129| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
18130| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
18131| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
18132| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
18133| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
18134| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
18135| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
18136| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
18137| [58805] Apache Derby Unauthenticated Database / Admin Access
18138| [58804] Apache Wicket Header Contribution Unspecified Issue
18139| [58803] Apache Wicket Session Fixation
18140| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
18141| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
18142| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
18143| [58799] Apache Tapestry Logging Cleartext Password Disclosure
18144| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
18145| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
18146| [58796] Apache Jetspeed Unsalted Password Storage Weakness
18147| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
18148| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
18149| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
18150| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
18151| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
18152| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
18153| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
18154| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
18155| [58775] Apache JSPWiki preview.jsp action Parameter XSS
18156| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
18157| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
18158| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
18159| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
18160| [58770] Apache JSPWiki Group.jsp group Parameter XSS
18161| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
18162| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
18163| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
18164| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
18165| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
18166| [58763] Apache JSPWiki Include Tag Multiple Script XSS
18167| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
18168| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
18169| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
18170| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
18171| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
18172| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
18173| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
18174| [58755] Apache Harmony DRLVM Non-public Class Member Access
18175| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
18176| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
18177| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
18178| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
18179| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
18180| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
18181| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
18182| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
18183| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
18184| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
18185| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
18186| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
18187| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
18188| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
18189| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
18190| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
18191| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
18192| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
18193| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
18194| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
18195| [58725] Apache Tapestry Basic String ACL Bypass Weakness
18196| [58724] Apache Roller Logout Functionality Failure Session Persistence
18197| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
18198| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
18199| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
18200| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
18201| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
18202| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
18203| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
18204| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
18205| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
18206| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
18207| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
18208| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
18209| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
18210| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
18211| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
18212| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
18213| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
18214| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
18215| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
18216| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
18217| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
18218| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
18219| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
18220| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
18221| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
18222| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
18223| [58687] Apache Axis Invalid wsdl Request XSS
18224| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
18225| [58685] Apache Velocity Template Designer Privileged Code Execution
18226| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
18227| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
18228| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
18229| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
18230| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
18231| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
18232| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
18233| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
18234| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
18235| [58667] Apache Roller Database Cleartext Passwords Disclosure
18236| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
18237| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
18238| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
18239| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
18240| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
18241| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
18242| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
18243| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
18244| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
18245| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
18246| [56984] Apache Xerces2 Java Malformed XML Input DoS
18247| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
18248| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
18249| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
18250| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
18251| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
18252| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
18253| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
18254| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
18255| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
18256| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
18257| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
18258| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
18259| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
18260| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
18261| [55056] Apache Tomcat Cross-application TLD File Manipulation
18262| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
18263| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
18264| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
18265| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
18266| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
18267| [54589] Apache Jserv Nonexistent JSP Request XSS
18268| [54122] Apache Struts s:a / s:url Tag href Element XSS
18269| [54093] Apache ActiveMQ Web Console JMS Message XSS
18270| [53932] Apache Geronimo Multiple Admin Function CSRF
18271| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
18272| [53930] Apache Geronimo /console/portal/ URI XSS
18273| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
18274| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
18275| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
18276| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
18277| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
18278| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
18279| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
18280| [53380] Apache Struts Unspecified XSS
18281| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
18282| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
18283| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
18284| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
18285| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
18286| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
18287| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
18288| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
18289| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
18290| [51151] Apache Roller Search Function q Parameter XSS
18291| [50482] PHP with Apache php_value Order Unspecified Issue
18292| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
18293| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
18294| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
18295| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
18296| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
18297| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
18298| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
18299| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
18300| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
18301| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
18302| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
18303| [47096] Oracle Weblogic Apache Connector POST Request Overflow
18304| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
18305| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
18306| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
18307| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
18308| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
18309| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
18310| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
18311| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
18312| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
18313| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
18314| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
18315| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
18316| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
18317| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
18318| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
18319| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
18320| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
18321| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
18322| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
18323| [43452] Apache Tomcat HTTP Request Smuggling
18324| [43309] Apache Geronimo LoginModule Login Method Bypass
18325| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
18326| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
18327| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
18328| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
18329| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
18330| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
18331| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
18332| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
18333| [42091] Apache Maven Site Plugin Installation Permission Weakness
18334| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
18335| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
18336| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
18337| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
18338| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
18339| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
18340| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
18341| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
18342| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
18343| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
18344| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
18345| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
18346| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
18347| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
18348| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
18349| [40262] Apache HTTP Server mod_status refresh XSS
18350| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
| [19821] Apache Tomcat Malformed Post Request Information Disclosure
| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
| [18233] Apache HTTP Server htdigest user Variable Overfow
| [17738] Apache HTTP Server HTTP Request Smuggling
| [16586] Apache HTTP Server Win32 GET Overflow DoS
| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
| [13304] Apache Tomcat realPath.jsp Path Disclosure
| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
| [12848] Apache HTTP Server htdigest realm Variable Overflow
| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
| [12557] Apache HTTP Server prefork MPM accept Error DoS
| [12233] Apache Tomcat MS-DOS Device Name Request DoS
| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
| [12231] Apache Tomcat web.xml Arbitrary File Access
| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
| [12178] Apache Jakarta Lucene results.jsp XSS
| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
| [10471] Apache Xerces-C++ XML Parser DoS
| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
| [10068] Apache HTTP Server htpasswd Local Overflow
| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
| [9717] Apache HTTP Server mod_cookies Cookie Overflow
| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
| [9714] Apache Authentication Module Threaded MPM DoS
| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
| [9208] Apache Tomcat .jsp Encoded Newline XSS
| [9204] Apache Tomcat ROOT Application XSS
| [9203] Apache Tomcat examples Application XSS
| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
| [7611] Apache HTTP Server mod_alias Local Overflow
| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
| [6882] Apache mod_python Malformed Query String Variant DoS
| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
| [5526] Apache Tomcat Long .JSP URI Path Disclosure
| [5278] Apache Tomcat web.xml Restriction Bypass
| [5051] Apache Tomcat Null Character DoS
| [4973] Apache Tomcat servlet Mapping XSS
| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
| [4568] mod_survey For Apache ENV Tags SQL Injection
| [4553] Apache HTTP Server ApacheBench Overflow DoS
| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
| [4383] Apache HTTP Server Socket Race Condition DoS
| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
| [4231] Apache Cocoon Error Page Server Path Disclosure
| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
| [3322] mod_php for Apache HTTP Server Process Hijack
| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
| [2885] Apache mod_python Malformed Query String DoS
| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
| [2733] Apache HTTP Server mod_rewrite Local Overflow
| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
| [2149] Apache::Gallery Privilege Escalation
| [2107] Apache HTTP Server mod_ssl Host: Header XSS
| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
| [1833] Apache HTTP Server Multiple Slash GET Request DoS
| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
7443/tcp closed oracleas-https
8152/tcp closed unknown
8443/tcp closed https-alt
20000/tcp closed dnp
Device type: general purpose|storage-misc|broadband router|WAP
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (94%), HP embedded (91%), Asus embedded (87%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel cpe:/h:asus:rt-ac66u cpe:/o:linux:linux_kernel:2.6.22
Aggressive OS guesses: Linux 3.16 - 4.6 (94%), Linux 3.10 - 4.11 (92%), Linux 3.13 (92%), Linux 3.13 or 4.2 (92%), Linux 4.2 (92%), Linux 4.4 (92%), Linux 3.18 (91%), HP P2000 G3 NAS device (91%), Linux 3.2 - 4.9 (90%), Linux 3.16 (90%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 165.294 days (since Sun May 12 06:04:40 2019)
Network Distance: 8 hops
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: All zeros

TRACEROUTE (using port 587/tcp)
HOP RTT       ADDRESS
1   201.72 ms 10.243.204.1
2   301.61 ms 45.131.4.2
3   301.58 ms 109.236.95.230
4   301.65 ms 109.236.95.173
5   301.68 ms ams-ix.sara.xs4all.net (80.249.208.48)
6   301.71 ms 0.et-8-1-0.xr3.3d12.xs4all.net (194.109.5.2)
7   301.79 ms 0.ae11.xrc2.3d12.xs4all.net (194.109.5.78)
8   301.75 ms 82.94.222.132

NSE: Script Post-scanning.
Initiating NSE at 13:08
Completed NSE at 13:08, 0.00s elapsed
Initiating NSE at 13:08
Completed NSE at 13:08, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
#######################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-24 13:08 EDT
NSE: Loaded 47 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 13:08
Completed NSE at 13:08, 0.00s elapsed
Initiating NSE at 13:08
Completed NSE at 13:08, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:08
Completed Parallel DNS resolution of 1 host. at 13:08, 0.02s elapsed
Initiating UDP Scan at 13:08
Scanning 82.94.222.132 [15 ports]
Completed UDP Scan at 13:08, 2.85s elapsed (15 total ports)
Initiating Service scan at 13:08
Scanning 11 services on 82.94.222.132
Service scan Timing: About 9.09% done; ETC: 13:26 (0:16:20 remaining)
Completed Service scan at 13:10, 102.59s elapsed (11 services on 1 host)
Initiating OS detection (try #1) against 82.94.222.132
Retrying OS detection (try #2) against 82.94.222.132
Initiating Traceroute at 13:10
Completed Traceroute at 13:10, 7.23s elapsed
Initiating Parallel DNS resolution of 1 host. at 13:10
Completed Parallel DNS resolution of 1 host. at 13:10, 0.00s elapsed
NSE: Script scanning 82.94.222.132.
Initiating NSE at 13:10
Completed NSE at 13:10, 7.12s elapsed
Initiating NSE at 13:10
Completed NSE at 13:10, 1.06s elapsed
Nmap scan report for 82.94.222.132
Host is up (0.22s latency).

PORT     STATE         SERVICE      VERSION
53/udp   closed        domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
69/udp   open|filtered tftp
88/udp   open|filtered kerberos-sec
123/udp  closed        ntp
137/udp  filtered      netbios-ns
138/udp  filtered      netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
500/udp  open|filtered isakmp
|_ike-version: ERROR: Script execution failed (use -d to debug)
520/udp  open|filtered route
2049/udp open|filtered nfs
Too many fingerprints match this host to give specific OS details
Network Distance: 8 hops

TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   ...
2   104.83 ms 10.243.204.1
3   242.80 ms 10.243.204.1
4   242.80 ms 10.243.204.1
5   242.80 ms 10.243.204.1
6   242.80 ms 10.243.204.1
7   242.79 ms 10.243.204.1
8   101.24 ms 10.243.204.1
9   ...
10  100.17 ms 10.243.204.1
11  ... 18
19  100.36 ms 10.243.204.1
20  99.00 ms  10.243.204.1
21  ... 27
28  102.44 ms 10.243.204.1
29  99.93 ms  10.243.204.1
30  100.84 ms 10.243.204.1

NSE: Script Post-scanning.
Initiating NSE at 13:10
Completed NSE at 13:10, 0.00s elapsed
Initiating NSE at 13:10
Completed NSE at 13:10, 0.00s elapsed
#######################################################################################################################################
Hosts
=====

address        mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------        ---  ----  -------  ---------  -----  -------  ----  --------
82.94.222.132             Linux               3.X    server

Services
========

host           port   proto  name            state     info
----           ----   -----  ----            -----     ----
82.94.222.132  25     tcp    smtp            closed
82.94.222.132  53     tcp    domain          closed
82.94.222.132  53     udp    domain          closed
82.94.222.132  67     udp    dhcps           unknown
82.94.222.132  68     udp    dhcpc           unknown
82.94.222.132  69     udp    tftp            unknown
82.94.222.132  80     tcp    http            open      nginx
82.94.222.132  88     udp    kerberos-sec    unknown
82.94.222.132  113    tcp    ident           closed
82.94.222.132  123    udp    ntp             closed
82.94.222.132  137    udp    netbios-ns      filtered
82.94.222.132  138    udp    netbios-dgm     filtered
82.94.222.132  139    tcp    netbios-ssn     closed
82.94.222.132  139    udp    netbios-ssn     unknown
82.94.222.132  161    udp    snmp            unknown
82.94.222.132  162    udp    snmptrap        unknown
82.94.222.132  220    tcp    imap3           closed
82.94.222.132  389    udp    ldap            unknown
82.94.222.132  443    tcp    ssl/http        open      nginx
82.94.222.132  445    tcp    microsoft-ds    closed
82.94.222.132  500    udp    isakmp          unknown
82.94.222.132  520    udp    route           unknown
82.94.222.132  587    tcp    submission      closed
82.94.222.132  993    tcp    ssl/imaps       open
82.94.222.132  995    tcp    pop3s           closed
82.94.222.132  2049   udp    nfs             unknown
82.94.222.132  5151   tcp    esri_sde        closed
82.94.222.132  5153   tcp    toruxserver     closed
82.94.222.132  7152   tcp    ssl/http        open      nginx
82.94.222.132  7153   tcp    ssl/http        open      Apache httpd
82.94.222.132  7162   tcp    caistoragemgr   closed
82.94.222.132  7163   tcp    http            open      Apache httpd
82.94.222.132  7172   tcp    metalbend       closed
82.94.222.132  7173   tcp    http            open      Apache httpd
82.94.222.132  7443   tcp    oracleas-https  closed
82.94.222.132  8152   tcp                    closed
82.94.222.132  8443   tcp    https-alt       closed
82.94.222.132  20000  tcp    dnp             closed
#######################################################################################################################################
 Anonymous JTSEC #OpDeathEathers Full Recon #5