· 6 years ago · Dec 09, 2019, 09:27 AM
1######################################################################################################################################
2=======================================================================================================================================
3Hostname pedonia.com ISP WEDOS Internet, a.s.
4Continent Europe Flag
5CZ
6Country Czech Republic Country Code CZ
7Region Hlavni mesto Praha Local time 09 Dec 2019 09:18 CET
8City Prague Postal Code 120 00
9IP Address 89.221.213.22 Latitude 50.076
10 Longitude 14.448
11======================================================================================================================================
12######################################################################################################################################
13> pedonia.com
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18Name: pedonia.com
19Address: 89.221.213.22
20>
21######################################################################################################################################
22 Domain Name: PEDONIA.COM
23 Registry Domain ID: 1987198265_DOMAIN_COM-VRSN
24 Registrar WHOIS Server: whois.ascio.com
25 Registrar URL: http://www.ascio.com
26 Updated Date: 2019-01-24T05:20:05Z
27 Creation Date: 2015-12-14T13:10:09Z
28 Registry Expiry Date: 2020-12-14T13:10:09Z
29 Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA
30 Registrar IANA ID: 106
31 Registrar Abuse Contact Email: abuse@ascio.com
32 Registrar Abuse Contact Phone: +1.4165350123
33 Domain Status: ok https://icann.org/epp#ok
34 Name Server: NS.WEDOS.COM
35 Name Server: NS.WEDOS.CZ
36 Name Server: NS.WEDOS.EU
37 Name Server: NS.WEDOS.NET
38 DNSSEC: unsigned
39######################################################################################################################################
40[+] Target : pedonia.com
41
42[+] IP Address : 89.221.213.22
43
44[+] Headers :
45
46[+] Date : Mon, 09 Dec 2019 08:21:37 GMT
47[+] Server : ATS
48[+] Last-Modified : Wed, 28 Nov 2018 15:16:55 GMT
49[+] ETag : "2414-57bbb0e7d0985-gzip"
50[+] Accept-Ranges : bytes
51[+] Cache-Control : max-age=300
52[+] Expires : Mon, 09 Dec 2019 08:26:37 GMT
53[+] Vary : Accept-Encoding
54[+] Content-Encoding : gzip
55[+] Content-Length : 4411
56[+] Content-Type : text/html
57[+] Age : 140
58
59[+] SSL Certificate Information :
60
61[+] commonName : wms-le2.fhdomain.eu
62[+] countryName : US
63[+] organizationName : Let's Encrypt
64[+] commonName : Let's Encrypt Authority X3
65[+] Version : 3
66[+] Serial Number : 03BF98FFD2DC41B43A8EFF1D0CF9192112F2
67[+] Not Before : Nov 21 00:14:59 2019 GMT
68[+] Not After : Feb 19 00:14:59 2020 GMT
69[+] OCSP : ('http://ocsp.int-x3.letsencrypt.org',)
70[+] subject Alt Name : (('DNS', 'test.wms-le2.fhdomain.eu'), ('DNS', 'wms-le2.fhdomain.eu'), ('DNS', 'www.test.wms-le2.fhdomain.eu'), ('DNS', 'www.wms-le2.fhdomain.eu'))
71[+] CA Issuers : ('http://cert.int-x3.letsencrypt.org/',)
72
73[+] Whois Lookup :
74
75[+] NIR : None
76[+] ASN Registry : ripencc
77[+] ASN : 197019
78[+] ASN CIDR : 89.221.208.0/20
79[+] ASN Country Code : CZ
80[+] ASN Date : 2006-10-11
81[+] ASN Description : WEDOS, CZ
82[+] cidr : 89.221.208.0/20
83[+] name : CZ-WEDOS-20061011
84[+] handle : JG3833-RIPE
85[+] range : 89.221.208.0 - 89.221.223.255
86[+] description : None
87[+] country : CZ
88[+] state : None
89[+] city : None
90[+] address : Masarykova 1230
9137341
92Hluboka nad Vltavou
93CZECH REPUBLIC
94[+] postal_code : None
95[+] emails : None
96[+] created : 2016-10-11T08:37:08Z
97[+] updated : 2017-09-11T18:50:06Z
98
99[+] Crawling Target...
100
101[+] Looking for robots.txt........[ Found ]
102[+] Extracting robots Links.......[ 1 ]
103[+] Looking for sitemap.xml.......[ Not Found ]
104[+] Extracting CSS Links..........[ 0 ]
105[+] Extracting Javascript Links...[ 0 ]
106[+] Extracting Internal Links.....[ 0 ]
107[+] Extracting External Links.....[ 0 ]
108[+] Extracting Images.............[ 2 ]
109
110[+] Total Links Extracted : 3
111
112[+] Dumping Links in /opt/FinalRecon/dumps/pedonia.com.dump
113[+] Completed!
114#######################################################################################################################################
115[i] Scanning Site: http://pedonia.com
116
117
118
119B A S I C I N F O
120====================
121
122
123[+] Site Title: ��e Pedonia - Pedonia Empire
124[+] IP address: 89.221.213.22
125[+] Web Server: ATS
126[+] CMS: Could Not Detect
127[+] Cloudflare: Not Detected
128[+] Robots File: Found
129
130-------------[ contents ]----------------
131User-agent: *
132Disallow:
133Crawl-Delay: 5
134Request-rate: 18/1m 2100-0529
135Request-rate: 6/1m 0530-2059
136
137-----------[end of contents]-------------
138
139
140
141W H O I S L O O K U P
142========================
143
144 Domain Name: PEDONIA.COM
145 Registry Domain ID: 1987198265_DOMAIN_COM-VRSN
146 Registrar WHOIS Server: whois.ascio.com
147 Registrar URL: http://www.ascio.com
148 Updated Date: 2019-01-24T05:20:05Z
149 Creation Date: 2015-12-14T13:10:09Z
150 Registry Expiry Date: 2020-12-14T13:10:09Z
151 Registrar: Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA
152 Registrar IANA ID: 106
153 Registrar Abuse Contact Email: abuse@ascio.com
154 Registrar Abuse Contact Phone: +1.4165350123
155 Domain Status: ok https://icann.org/epp#ok
156 Name Server: NS.WEDOS.COM
157 Name Server: NS.WEDOS.CZ
158 Name Server: NS.WEDOS.EU
159 Name Server: NS.WEDOS.NET
160 DNSSEC: unsigned
161 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
162>>> Last update of whois database: 2019-12-09T08:23:50Z <<<
163
170
171
172
173
174G E O I P L O O K U P
175=========================
176
177[i] IP Address: 89.221.213.22
178[i] Country: Czechia
179[i] State:
180[i] City:
181[i] Latitude: 50.0848
182[i] Longitude: 14.411200000000001
183
184
185
186
187H T T P H E A D E R S
188=======================
189
190
191[i] HTTP/1.0 200 OK
192[i] Date: Mon, 09 Dec 2019 08:24:02 GMT
193[i] Server: ATS
194[i] Last-Modified: Wed, 28 Nov 2018 15:16:55 GMT
195[i] Accept-Ranges: bytes
196[i] Content-Length: 9236
197[i] Cache-Control: max-age=300
198[i] Vary: Accept-Encoding
199[i] Content-Type: text/html
200[i] Etag: "2414-57bbb0e7d0985"
201[i] Expires: Mon, 09 Dec 2019 08:29:02 GMT
202[i] Age: 7
203
204
205
206
207D N S L O O K U P
208===================
209
210pedonia.com. 3599 IN SOA ns.wedos.net. wedos.wedos.com. 2018111901 3600 1800 2592000 3600
211pedonia.com. 3599 IN NS ns.wedos.cz.
212pedonia.com. 3599 IN NS ns.wedos.eu.
213pedonia.com. 3599 IN NS ns.wedos.com.
214pedonia.com. 3599 IN NS ns.wedos.net.
215pedonia.com. 1799 IN A 89.221.213.22
216pedonia.com. 1799 IN MX 1 wes1-mx1.wedos.net.
217pedonia.com. 1799 IN MX 1 wes1-mx2.wedos.net.
218pedonia.com. 1799 IN MX 10 wes1-mx-backup.wedos.net.
219
220
221
222
223S U B N E T C A L C U L A T I O N
224====================================
225
226Address = 89.221.213.22
227Network = 89.221.213.22 / 32
228Netmask = 255.255.255.255
229Broadcast = not needed on Point-to-Point links
230Wildcard Mask = 0.0.0.0
231Hosts Bits = 0
232Max. Hosts = 1 (2^0 - 0)
233Host Range = { 89.221.213.22 - 89.221.213.22 }
234
235
236
237N M A P P O R T S C A N
238============================
239
240Starting Nmap 7.70 ( https://nmap.org ) at 2019-12-09 08:24 UTC
241Nmap scan report for pedonia.com (89.221.213.22)
242Host is up (0.099s latency).
243rDNS record for 89.221.213.22: hc1-wd12.wedos.net
244
245PORT STATE SERVICE
24621/tcp open ftp
24722/tcp filtered ssh
24823/tcp filtered telnet
24980/tcp open http
250110/tcp filtered pop3
251143/tcp filtered imap
252443/tcp open https
2533389/tcp filtered ms-wbt-server
254
255Nmap done: 1 IP address (1 host up) scanned in 2.09 seconds
256
257
258
259S U B - D O M A I N F I N D E R
260==================================
261
262
263[i] Total Subdomains Found : 1
264
265[+] Subdomain: wwww.pedonia.com
266[-] IP: 89.221.213.22
267######################################################################################################################################
268[+] Starting At 2019-12-09 03:24:25.260022
269[+] Collecting Information On: http://pedonia.com/
270[#] Status: 200
271--------------------------------------------------
272[#] Web Server Detected: ATS
273[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
274- Date: Mon, 09 Dec 2019 08:21:37 GMT
275- Server: ATS
276- Last-Modified: Wed, 28 Nov 2018 15:16:55 GMT
277- ETag: "2414-57bbb0e7d0985-gzip"
278- Accept-Ranges: bytes
279- Cache-Control: max-age=300
280- Expires: Mon, 09 Dec 2019 08:26:37 GMT
281- Vary: Accept-Encoding
282- Content-Encoding: gzip
283- Content-Length: 4411
284- Content-Type: text/html
285- Age: 168
286--------------------------------------------------
287[#] Finding Location..!
288[#] status: success
289[#] country: Czechia
290[#] countryCode: CZ
291[#] region: 10
292[#] regionName: Hlavni mesto Praha
293[#] city: Prague
294[#] zip: 120 00
295[#] lat: 50.0761
296[#] lon: 14.4479
297[#] timezone: Europe/Prague
298[#] isp: WEDOS Internet, a.s.
299[#] org: WEDOS Internet
300[#] as: AS197019 WEDOS Internet, a.s.
301[#] query: 89.221.213.22
302--------------------------------------------------
303[x] Didn't Detect WAF Presence on: http://pedonia.com/
304--------------------------------------------------
305[#] Starting Reverse DNS
306[-] Failed ! Fail
307--------------------------------------------------
308[!] Scanning Open Port
309[#] 21/tcp open ftp
310[#] 80/tcp open http
311[#] 443/tcp open https
312--------------------------------------------------
313[+] Collecting Information Disclosure!
314[#] Detecting sitemap.xml file
315[-] sitemap.xml file not Found!?
316[#] Detecting robots.txt file
317[!] robots.txt File Found: http://pedonia.com//robots.txt
318[#] Detecting GNU Mailman
319[-] GNU Mailman App Not Detected!?
320--------------------------------------------------
321[+] Crawling Url Parameter On: http://pedonia.com/
322--------------------------------------------------
323[#] Searching Html Form !
324[-] No Html Form Found!?
325--------------------------------------------------
326[-] No DOM Paramter Found!?
327--------------------------------------------------
328[-] No internal Dynamic Parameter Found!?
329--------------------------------------------------
330[-] No external Dynamic Paramter Found!?
331--------------------------------------------------
332[!] 2 Internal links Discovered
333[+] http://pedonia.com//en_version.html
334[+] http://pedonia.com//mailto:pedonia@protonmail.com
335--------------------------------------------------
336[-] No External Link Found!?
337--------------------------------------------------
338[#] Mapping Subdomain..
339[!] Found 2 Subdomain
340- www.pedonia.com
341- wwww.pedonia.com
342--------------------------------------------------
343[!] Done At 2019-12-09 03:24:46.601199
344#####################################################################################################################################
345[INFO] ------TARGET info------
346[*] TARGET: http://pedonia.com/
347[*] TARGET IP: 89.221.213.22
348[INFO] NO load balancer detected for pedonia.com...
349[*] DNS servers: ns.wedos.net.
350[*] TARGET server: ATS
351[*] CC: CZ
352[*] Country: Czechia
353[*] RegionCode: 10
354[*] RegionName: Hlavni mesto Praha
355[*] City: Prague
356[*] ASN: AS197019
357[*] BGP_PREFIX: 89.221.208.0/20
358[*] ISP: WEDOS WEDOS Internet, a.s., CZ
359[INFO] DNS enumeration:
431[INFO] Possible abuse mails are:
432[*] abuse@pedonia.com
433[*] postmaster@wedos.com
434[INFO] NO PAC (Proxy Auto Configuration) file FOUND
435[ALERT] robots.txt file FOUND in http://pedonia.com/robots.txt
436[INFO] Checking for HTTP status codes recursively from http://pedonia.com/robots.txt
437[INFO] Status code Folders
438[INFO] Starting FUZZing in http://pedonia.com/FUzZzZzZzZz...
439[INFO] Status code Folders
440[*] 200 http://pedonia.com/images
441[*] 200 http://pedonia.com/download
442[ALERT] Look in the source code. It may contain passwords
443[INFO] Links found from http://pedonia.com/ http://89.221.213.22/:
444[*] http://pedonia.com/en_version.html
445cut: intervalle de champ incorrecte
446Saisissez « cut --help » pour plus d'informations.
447[INFO] Shodan detected the following opened ports on 89.221.213.22:
548[INFO] ------VirusTotal SECTION------
549[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
550[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
551[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
552[INFO] ------Alexa Rank SECTION------
553[INFO] Percent of Visitors Rank in Country:
554[INFO] Percent of Search Traffic:
555[INFO] Percent of Unique Visits:
556[INFO] Total Sites Linking In:
557[*] Total Sites
558[INFO] Useful links related to pedonia.com - 89.221.213.22:
559[*] https://www.virustotal.com/pt/ip-address/89.221.213.22/information/
560[*] https://www.hybrid-analysis.com/search?host=89.221.213.22
561[*] https://www.shodan.io/host/89.221.213.22
562[*] https://www.senderbase.org/lookup/?search_string=89.221.213.22
563[*] https://www.alienvault.com/open-threat-exchange/ip/89.221.213.22
564[*] http://pastebin.com/search?q=89.221.213.22
565[*] http://urlquery.net/search.php?q=89.221.213.22
566[*] http://www.alexa.com/siteinfo/pedonia.com
567[*] http://www.google.com/safebrowsing/diagnostic?site=pedonia.com
568[*] https://censys.io/ipv4/89.221.213.22
569[*] https://www.abuseipdb.com/check/89.221.213.22
570[*] https://urlscan.io/search/#89.221.213.22
571[*] https://github.com/search?q=89.221.213.22&type=Code
572[INFO] Useful links related to AS197019 - 89.221.208.0/20:
573[*] http://www.google.com/safebrowsing/diagnostic?site=AS:197019
574[*] https://www.senderbase.org/lookup/?search_string=89.221.208.0/20
575[*] http://bgp.he.net/AS197019
576[*] https://stat.ripe.net/AS197019
577[INFO] Date: 09/12/19 | Time: 03:25:22
578[INFO] Total time: 0 minute(s) and 52 second(s)
579######################################################################################################################################
580Trying "pedonia.com"
581;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51297
582;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 4, ADDITIONAL: 8
583
584;; QUESTION SECTION:
585;pedonia.com. IN ANY
586
587;; ANSWER SECTION:
588pedonia.com. 5 IN MX 10 wes1-mx-backup.wedos.net.
589pedonia.com. 5 IN MX 1 wes1-mx2.wedos.net.
590pedonia.com. 5 IN MX 1 wes1-mx1.wedos.net.
591pedonia.com. 5 IN A 89.221.213.22
592pedonia.com. 5 IN SOA ns.wedos.net. wedos.wedos.com. 2018111901 3600 1800 2592000 3600
593pedonia.com. 5 IN NS ns.wedos.cz.
594pedonia.com. 5 IN NS ns.wedos.eu.
595pedonia.com. 5 IN NS ns.wedos.net.
596pedonia.com. 5 IN NS ns.wedos.com.
597
598;; AUTHORITY SECTION:
599pedonia.com. 3600 IN NS ns.wedos.cz.
600pedonia.com. 3600 IN NS ns.wedos.net.
601pedonia.com. 3600 IN NS ns.wedos.com.
602pedonia.com. 3600 IN NS ns.wedos.eu.
603
604;; ADDITIONAL SECTION:
605ns.wedos.cz. 1291 IN A 46.28.104.67
606ns.wedos.cz. 1291 IN AAAA 2a02:2b88:1:1::2
607ns.wedos.eu. 7399 IN A 164.138.27.146
608ns.wedos.eu. 7399 IN AAAA 2a02:2770::21a:4aff:fe46:ddc9
609ns.wedos.com. 7399 IN A 31.31.77.88
610ns.wedos.com. 7399 IN AAAA 2a02:2b88:2:1::66e7:1
611ns.wedos.net. 14450 IN A 213.136.87.214
612ns.wedos.net. 14450 IN AAAA 2a02:c207:2011:4247::1
613
614Received 499 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 162 ms
615######################################################################################################################################
616; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace pedonia.com any
617;; global options: +cmd
618. 86073 IN NS g.root-servers.net.
619. 86073 IN NS j.root-servers.net.
620. 86073 IN NS e.root-servers.net.
621. 86073 IN NS m.root-servers.net.
622. 86073 IN NS h.root-servers.net.
623. 86073 IN NS f.root-servers.net.
624. 86073 IN NS d.root-servers.net.
625. 86073 IN NS i.root-servers.net.
626. 86073 IN NS b.root-servers.net.
627. 86073 IN NS l.root-servers.net.
628. 86073 IN NS k.root-servers.net.
629. 86073 IN NS c.root-servers.net.
630. 86073 IN NS a.root-servers.net.
632;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 166 ms
633
634com. 172800 IN NS e.gtld-servers.net.
635com. 172800 IN NS b.gtld-servers.net.
636com. 172800 IN NS j.gtld-servers.net.
637com. 172800 IN NS m.gtld-servers.net.
638com. 172800 IN NS i.gtld-servers.net.
639com. 172800 IN NS f.gtld-servers.net.
640com. 172800 IN NS a.gtld-servers.net.
641com. 172800 IN NS g.gtld-servers.net.
642com. 172800 IN NS h.gtld-servers.net.
643com. 172800 IN NS l.gtld-servers.net.
644com. 172800 IN NS k.gtld-servers.net.
645com. 172800 IN NS c.gtld-servers.net.
646com. 172800 IN NS d.gtld-servers.net.
647com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
649;; Received 1171 bytes from 2001:503:ba3e::2:30#53(a.root-servers.net) in 51 ms
650
651pedonia.com. 172800 IN NS ns.wedos.net.
652pedonia.com. 172800 IN NS ns.wedos.cz.
653pedonia.com. 172800 IN NS ns.wedos.eu.
654pedonia.com. 172800 IN NS ns.wedos.com.
659;; Received 732 bytes from 2001:503:d2d::30#53(k.gtld-servers.net) in 75 ms
660
661pedonia.com. 3600 IN SOA ns.wedos.net. wedos.wedos.com. 2018111901 3600 1800 2592000 3600
662pedonia.com. 3600 IN NS ns.wedos.cz.
663pedonia.com. 3600 IN NS ns.wedos.eu.
664pedonia.com. 3600 IN NS ns.wedos.com.
665pedonia.com. 3600 IN NS ns.wedos.net.
666pedonia.com. 1800 IN A 89.221.213.22
667pedonia.com. 1800 IN MX 1 wes1-mx1.wedos.net.
668pedonia.com. 1800 IN MX 1 wes1-mx2.wedos.net.
669pedonia.com. 1800 IN MX 10 wes1-mx-backup.wedos.net.
670;; Received 302 bytes from 2a02:2b88:1:1::2#53(ns.wedos.cz) in 136 ms
671
672#####################################################################################################################################
673[*] Performing General Enumeration of Domain: pedonia.com
674[!] Wildcard resolution is enabled on this domain
675[!] It is resolving to 89.221.213.22
676[!] All queries will resolve to this address!!
677[-] DNSSEC is not configured for pedonia.com
678[*] SOA ns.wedos.net 213.136.87.214
679[*] NS ns.wedos.eu 164.138.27.146
680[*] Bind Version for 164.138.27.146 off
681[*] NS ns.wedos.eu 2a02:2770::21a:4aff:fe46:ddc9
682[*] Bind Version for 2a02:2770::21a:4aff:fe46:ddc9 off
683[*] NS ns.wedos.cz 46.28.104.67
684[*] Bind Version for 46.28.104.67 off
685[*] NS ns.wedos.cz 2a02:2b88:1:1::2
686[*] Bind Version for 2a02:2b88:1:1::2 off
687[*] NS ns.wedos.com 31.31.77.88
688[*] Bind Version for 31.31.77.88 off
689[*] NS ns.wedos.com 2a02:2b88:2:1::66e7:1
690[*] Bind Version for 2a02:2b88:2:1::66e7:1 off
691[*] NS ns.wedos.net 213.136.87.214
692[*] Bind Version for 213.136.87.214 off
693[*] NS ns.wedos.net 2a02:c207:2011:4247::1
694[*] Bind Version for 2a02:c207:2011:4247::1 off
695[*] MX wes1-mx1.wedos.net 46.28.106.11
696[*] MX wes1-mx2.wedos.net 46.28.106.12
697[*] MX wes1-mx-backup.wedos.net 46.28.106.56
698[*] A pedonia.com 89.221.213.22
699[*] Enumerating SRV Records
700[-] No SRV Records Found for pedonia.com
701[+] 0 Records Found
702######################################################################################################################################
703[*] Processing domain pedonia.com
704[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
705[+] Getting nameservers
706164.138.27.146 - ns.wedos.eu
70746.28.104.67 - ns.wedos.cz
70831.31.77.88 - ns.wedos.com
709213.136.87.214 - ns.wedos.net
710[-] Zone transfer failed
711
712[+] MX records found, added to target list
7131 wes1-mx1.wedos.net.
7141 wes1-mx2.wedos.net.
71510 wes1-mx-backup.wedos.net.
716
717[+] Wildcard domain found - 89.221.213.22
718[*] Scanning pedonia.com for A records
71946.28.106.9 - imap.pedonia.com
72046.28.106.10 - imap.pedonia.com
72146.28.106.10 - pop3.pedonia.com
72246.28.106.9 - pop3.pedonia.com
72346.28.106.14 - smtp.pedonia.com
72446.28.106.13 - smtp.pedonia.com
725######################################################################################################################################
726AVAILABLE PLUGINS
727 -----------------
728
729 OpenSslCipherSuitesPlugin
730 RobotPlugin
731 HttpHeadersPlugin
732 CompressionPlugin
733 OpenSslCcsInjectionPlugin
734 SessionRenegotiationPlugin
735 SessionResumptionPlugin
736 CertificateInfoPlugin
737 FallbackScsvPlugin
738 HeartbleedPlugin
739 EarlyDataPlugin
740
741
742
743 CHECKING HOST(S) AVAILABILITY
744 -----------------------------
745
746 89.221.213.22:443 => 89.221.213.22
747
748
749
750
751 SCAN RESULTS FOR 89.221.213.22:443 - 89.221.213.22
752 --------------------------------------------------
753
754 * TLSV1 Cipher Suites:
755 Server rejected all cipher suites.
756
757 * Certificate Information:
758 Content
759 SHA1 Fingerprint: ad3205e2b4fb036a9172ca242c3705bdef183009
760 Common Name: wms-le2.fhdomain.eu
761 Issuer: Let's Encrypt Authority X3
762 Serial Number: 326534160844994766983912840367437458248434
763 Not Before: 2019-11-21 00:14:59
764 Not After: 2020-02-19 00:14:59
765 Signature Algorithm: sha256
766 Public Key Algorithm: RSA
767 Key Size: 2048
768 Exponent: 65537 (0x10001)
769 DNS Subject Alternative Names: ['test.wms-le2.fhdomain.eu', 'wms-le2.fhdomain.eu', 'www.test.wms-le2.fhdomain.eu', 'www.wms-le2.fhdomain.eu']
770
771 Trust
772 Hostname Validation: FAILED - Certificate does NOT match 89.221.213.22
773 Android CA Store (9.0.0_r9): OK - Certificate is trusted
774 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
775 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
776 Mozilla CA Store (2019-03-14): OK - Certificate is trusted
777 Windows CA Store (2019-05-27): OK - Certificate is trusted
778 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
779 Received Chain: wms-le2.fhdomain.eu --> Let's Encrypt Authority X3
780 Verified Chain: wms-le2.fhdomain.eu --> Let's Encrypt Authority X3 --> DST Root CA X3
781 Received Chain Contains Anchor: OK - Anchor certificate not sent
782 Received Chain Order: OK - Order is valid
783 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
784
785 Extensions
786 OCSP Must-Staple: NOT SUPPORTED - Extension not found
787 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
788
789 OCSP Stapling
790 NOT SUPPORTED - Server did not send back an OCSP response
791
792 * TLSV1_1 Cipher Suites:
793 Forward Secrecy OK - Supported
794 RC4 OK - Not Supported
795
796 Preferred:
797 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found on Accelerator
798 Accepted:
799 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found on Accelerator
800 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found on Accelerator
801 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found on Accelerator
802 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found on Accelerator
803 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found on Accelerator
804 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found on Accelerator
805
806 * TLSV1_2 Cipher Suites:
807 Forward Secrecy OK - Supported
808 RC4 OK - Not Supported
809
810 Preferred:
811 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found on Accelerator
812 Accepted:
813 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found on Accelerator
814 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found on Accelerator
815 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found on Accelerator
816 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found on Accelerator
817 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found on Accelerator
818 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found on Accelerator
819 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 404 Not Found on Accelerator
820 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found on Accelerator
821 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 404 Not Found on Accelerator
822 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found on Accelerator
823 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found on Accelerator
824 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found on Accelerator
825 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found on Accelerator
826 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 404 Not Found on Accelerator
827 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 404 Not Found on Accelerator
828 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 404 Not Found on Accelerator
829 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 404 Not Found on Accelerator
830 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 404 Not Found on Accelerator
831 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 404 Not Found on Accelerator
832 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 404 Not Found on Accelerator
833
834 * Deflate Compression:
835 OK - Compression disabled
836
837 * SSLV3 Cipher Suites:
838 Server rejected all cipher suites.
839
840 * OpenSSL CCS Injection:
841 OK - Not vulnerable to OpenSSL CCS injection
842
843 * TLS 1.2 Session Resumption Support:
844 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
845 With TLS Tickets: OK - Supported
846
847 * Session Renegotiation:
848 Client-initiated Renegotiation: OK - Rejected
849 Secure Renegotiation: OK - Supported
850
851 * SSLV2 Cipher Suites:
852 Server rejected all cipher suites.
853
854 * Downgrade Attacks:
855 TLS_FALLBACK_SCSV: OK - Supported
856
857 * TLSV1_3 Cipher Suites:
858 Server rejected all cipher suites.
859
860 * OpenSSL Heartbleed:
861 OK - Not vulnerable to Heartbleed
862
863 * ROBOT Attack:
864 OK - Not vulnerable
865
866
867 SCAN COMPLETED IN 25.13 S
868 -------------------------
869######################################################################################################################################
870Domains still to check: 1
871 Checking if the hostname pedonia.com. given is in fact a domain...
872
873Analyzing domain: pedonia.com.
874 Checking NameServers using system default resolver...
875 IP: 164.138.27.146 (Netherlands)
876 HostName: ns.wedos.eu Type: NS
877 HostName: ns.wedos.eu Type: PTR
878 IP: 46.28.104.67 (Czech Republic)
879 HostName: ns.wedos.cz Type: NS
880 HostName: ns.wedos.cz Type: PTR
881 IP: 31.31.77.88 (Czech Republic)
882 HostName: ns.wedos.com Type: NS
883 HostName: ns.wedos.com Type: PTR
884 IP: 213.136.87.214 (Germany)
885 HostName: ns.wedos.net Type: NS
886 HostName: ns.wedos.net Type: PTR
887
888 Checking MailServers using system default resolver...
889 IP: 46.28.106.11 (Czech Republic)
890 HostName: wes1-mx1.wedos.net Type: MX
891 HostName: wes1-mx1.wedos.net Type: PTR
892 IP: 46.28.106.12 (Czech Republic)
893 HostName: wes1-mx2.wedos.net Type: MX
894 HostName: wes1-mx2.wedos.net Type: PTR
895 IP: 46.28.106.56 (Czech Republic)
896 HostName: wes1-mx-backup.wedos.net Type: MX
897 HostName: wes1-mx-backup.wedos.net Type: PTR
898 WARNING!! This domain has wildcards activated for hostnames resolution. We are checking "www" anyway, but perhaps it doesn't exists!
899
900 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
901 No zone transfer found on nameserver 213.136.87.214
902 No zone transfer found on nameserver 164.138.27.146
903 No zone transfer found on nameserver 46.28.104.67
904 No zone transfer found on nameserver 31.31.77.88
905
906 Checking SPF record...
907 No SPF record
908
909 Checking 1 most common hostnames using system default resolver...
910 IP: 89.221.213.22 (Czech Republic)
911 HostName: www.pedonia.com. Type: A
912
913 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
914 Checking netblock 46.28.106.0
915 Checking netblock 213.136.87.0
916 Checking netblock 164.138.27.0
917 Checking netblock 89.221.213.0
918 Checking netblock 46.28.104.0
919 Checking netblock 31.31.77.0
920
921 Searching for pedonia.com. emails in Google
922
923 Checking 8 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
924 Host 46.28.106.11 is up (reset ttl 64)
925 Host 213.136.87.214 is up (reset ttl 64)
926 Host 164.138.27.146 is up (reset ttl 64)
927 Host 89.221.213.22 is up (reset ttl 64)
928 Host 46.28.106.56 is up (reset ttl 64)
929 Host 46.28.106.12 is up (reset ttl 64)
930 Host 46.28.104.67 is up (reset ttl 64)
931 Host 31.31.77.88 is up (reset ttl 64)
932
933 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
934 Scanning ip 46.28.106.11 (wes1-mx1.wedos.net (PTR)):
935 Scanning ip 213.136.87.214 (ns.wedos.net (PTR)):
936 Scanning ip 164.138.27.146 (ns.wedos.eu (PTR)):
937 53/tcp open domain syn-ack ttl 50 (unknown banner: off)
938 | dns-nsid:
939 | NSID: ill7-tilaa (696c6c372d74696c6161)
940 | id.server: off
941 |_ bind.version: off
942 | fingerprint-strings:
943 | DNSVersionBindReqTCP:
944 | version
945 |_ bind
946 Scanning ip 89.221.213.22 (www.pedonia.com.):
947 80/tcp open http-proxy syn-ack ttl 55 Apache Traffic Server
948 |_http-server-header: ATS
949 443/tcp open ssl/http-proxy syn-ack ttl 55 Apache Traffic Server
950 |_http-server-header: ATS
951 |_http-title: Not Found on Accelerator
952 | ssl-cert: Subject: commonName=wms-le2.fhdomain.eu
953 | Subject Alternative Name: DNS:test.wms-le2.fhdomain.eu, DNS:wms-le2.fhdomain.eu, DNS:www.test.wms-le2.fhdomain.eu, DNS:www.wms-le2.fhdomain.eu
954 | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
955 | Public Key type: rsa
956 | Public Key bits: 2048
957 | Signature Algorithm: sha256WithRSAEncryption
958 | Not valid before: 2019-11-21T00:14:59
959 | Not valid after: 2020-02-19T00:14:59
960 | MD5: 14a3 a0fd 07fc 4f69 ac6b b424 e4e4 a852
961 |_SHA-1: ad32 05e2 b4fb 036a 9172 ca24 2c37 05bd ef18 3009
962 |_ssl-date: TLS randomness does not represent time
963 | tls-alpn:
964 | h2
965 |_ http/1.1
966 Device type: general purpose|storage-misc|media device|WAP
967 Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (92%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
968 Scanning ip 46.28.106.56 (wes1-mx-backup.wedos.net (PTR)):
969 Scanning ip 46.28.106.12 (wes1-mx2.wedos.net (PTR)):
970 Scanning ip 46.28.104.67 (ns.wedos.cz (PTR)):
971 53/tcp open domain syn-ack ttl 55 (unknown banner: off)
972 | dns-nsid:
973 | NSID: ()
974 | id.server: off
975 |_ bind.version: off
976 | fingerprint-strings:
977 | DNSVersionBindReqTCP:
978 | version
979 |_ bind
980 Scanning ip 31.31.77.88 (ns.wedos.com (PTR)):
981 53/tcp open domain syn-ack ttl 55 (unknown banner: off)
982 | dns-nsid:
983 | NSID: ()
984 | id.server: off
985 |_ bind.version: off
986 | fingerprint-strings:
987 | DNSVersionBindReqTCP:
988 | version
989 |_ bind
990 WebCrawling domain's web servers... up to 50 max links.
991
992 + URL to crawl: http://www.pedonia.com.
993 + Date: 2019-12-09
994
995 + Crawling URL: http://www.pedonia.com.:
996 + Links:
997 + Crawling http://www.pedonia.com.
998 + Crawling http://www.pedonia.com./en_version.html
999 + Crawling http://www.pedonia.com./
1000 + Crawling http://www.pedonia.com./index.html
1001 + Searching for directories...
1002 + Searching open folders...
1003 + Crawl finished successfully.
1004----------------------------------------------------------------------
1005Summary of http://http://www.pedonia.com.
1006----------------------------------------------------------------------
1007+ Links crawled:
1008 - http://www.pedonia.com.
1009 - http://www.pedonia.com./
1010 - http://www.pedonia.com./en_version.html
1011 - http://www.pedonia.com./index.html
1012 Total links crawled: 4
1013
1014+ Links to files found:
1015 - http://www.pedonia.com./cz_symb.gif
1016 - http://www.pedonia.com./en_symb.gif
1017 - http://www.pedonia.com./logo.png
1018 Total links to files: 3
1019
1020+ Externals links found:
1021 Total external links: 0
1022
1023+ Email addresses found:
1024 Total email address found: 0
1025
1026+ Directories found:
1027 Total directories: 0
1028
1029+ Directory indexing found:
1030 Total directories with indexing: 0
1031
1032----------------------------------------------------------------------
1033
1034
1035 + URL to crawl: http://www.pedonia.com.:443
1036 + Date: 2019-12-09
1037
1038 + Crawling URL: http://www.pedonia.com.:443:
1039 + Links:
1040 + Crawling http://www.pedonia.com.:443
1041 + Searching for directories...
1042 + Searching open folders...
1043
1044--Finished--
1045Summary information for domain pedonia.com.
1046-----------------------------------------
1047
1048 Domain Ips Information:
1049 IP: 46.28.106.11
1050 HostName: wes1-mx1.wedos.net Type: MX
1051 HostName: wes1-mx1.wedos.net Type: PTR
1052 Country: Czech Republic
1053 Is Active: True (reset ttl 64)
1054 IP: 213.136.87.214
1055 HostName: ns.wedos.net Type: NS
1056 HostName: ns.wedos.net Type: PTR
1057 Country: Germany
1058 Is Active: True (reset ttl 64)
1059 IP: 164.138.27.146
1060 HostName: ns.wedos.eu Type: NS
1061 HostName: ns.wedos.eu Type: PTR
1062 Country: Netherlands
1063 Is Active: True (reset ttl 64)
1064 Port: 53/tcp open domain syn-ack ttl 50 (unknown banner: off)
1065 Script Info: | dns-nsid:
1066 Script Info: | NSID: ill7-tilaa (696c6c372d74696c6161)
1067 Script Info: | id.server: off
1068 Script Info: |_ bind.version: off
1069 Script Info: | fingerprint-strings:
1070 Script Info: | DNSVersionBindReqTCP:
1071 Script Info: | version
1072 Script Info: |_ bind
1073 IP: 89.221.213.22
1074 HostName: www.pedonia.com. Type: A
1075 Country: Czech Republic
1076 Is Active: True (reset ttl 64)
1077 Port: 80/tcp open http-proxy syn-ack ttl 55 Apache Traffic Server
1078 Script Info: |_http-server-header: ATS
1079 Port: 443/tcp open ssl/http-proxy syn-ack ttl 55 Apache Traffic Server
1080 Script Info: |_http-server-header: ATS
1081 Script Info: |_http-title: Not Found on Accelerator
1082 Script Info: | ssl-cert: Subject: commonName=wms-le2.fhdomain.eu
1083 Script Info: | Subject Alternative Name: DNS:test.wms-le2.fhdomain.eu, DNS:wms-le2.fhdomain.eu, DNS:www.test.wms-le2.fhdomain.eu, DNS:www.wms-le2.fhdomain.eu
1084 Script Info: | Issuer: commonName=Let's Encrypt Authority X3/organizationName=Let's Encrypt/countryName=US
1085 Script Info: | Public Key type: rsa
1086 Script Info: | Public Key bits: 2048
1087 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1088 Script Info: | Not valid before: 2019-11-21T00:14:59
1089 Script Info: | Not valid after: 2020-02-19T00:14:59
1090 Script Info: | MD5: 14a3 a0fd 07fc 4f69 ac6b b424 e4e4 a852
1091 Script Info: |_SHA-1: ad32 05e2 b4fb 036a 9172 ca24 2c37 05bd ef18 3009
1092 Script Info: |_ssl-date: TLS randomness does not represent time
1093 Script Info: | tls-alpn:
1094 Script Info: | h2
1095 Script Info: |_ http/1.1
1096 Script Info: Device type: general purpose|storage-misc|media device|WAP
1097 Script Info: Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (92%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
1098 IP: 46.28.106.56
1099 HostName: wes1-mx-backup.wedos.net Type: MX
1100 HostName: wes1-mx-backup.wedos.net Type: PTR
1101 Country: Czech Republic
1102 Is Active: True (reset ttl 64)
1103 IP: 46.28.106.12
1104 HostName: wes1-mx2.wedos.net Type: MX
1105 HostName: wes1-mx2.wedos.net Type: PTR
1106 Country: Czech Republic
1107 Is Active: True (reset ttl 64)
1108 IP: 46.28.104.67
1109 HostName: ns.wedos.cz Type: NS
1110 HostName: ns.wedos.cz Type: PTR
1111 Country: Czech Republic
1112 Is Active: True (reset ttl 64)
1113 Port: 53/tcp open domain syn-ack ttl 55 (unknown banner: off)
1114 Script Info: | dns-nsid:
1115 Script Info: | NSID: ()
1116 Script Info: | id.server: off
1117 Script Info: |_ bind.version: off
1118 Script Info: | fingerprint-strings:
1119 Script Info: | DNSVersionBindReqTCP:
1120 Script Info: | version
1121 Script Info: |_ bind
1122 IP: 31.31.77.88
1123 HostName: ns.wedos.com Type: NS
1124 HostName: ns.wedos.com Type: PTR
1125 Country: Czech Republic
1126 Is Active: True (reset ttl 64)
1127 Port: 53/tcp open domain syn-ack ttl 55 (unknown banner: off)
1128 Script Info: | dns-nsid:
1129 Script Info: | NSID: ()
1130 Script Info: | id.server: off
1131 Script Info: |_ bind.version: off
1132 Script Info: | fingerprint-strings:
1133 Script Info: | DNSVersionBindReqTCP:
1134 Script Info: | version
1135 Script Info: |_ bind
1136
1137--------------End Summary --------------
1138-----------------------------------------
1139######################################################################################################################################
1140traceroute to pedonia.com (89.221.213.22), 30 hops max, 60 byte packets
1141 1 10.209.200.1 (10.209.200.1) 129.706 ms 129.698 ms 129.693 ms
1142 2 * * *
1143 3 te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49) 130.174 ms 134.207 ms 134.372 ms
1144 4 be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249) 134.191 ms 134.353 ms 134.345 ms
1145 5 be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194) 139.747 ms 139.853 ms be3740.ccr21.sto03.atlas.cogentco.com (154.54.60.190) 139.700 ms
1146 6 be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105) 158.282 ms 155.967 ms 152.494 ms
1147 7 be3027.ccr21.prg01.atlas.cogentco.com (130.117.1.206) 167.474 ms 163.891 ms 163.867 ms
1148 8 149.6.25.178 (149.6.25.178) 162.410 ms 163.803 ms 167.635 ms
1149 9 46.28.104.42 (46.28.104.42) 162.835 ms 164.314 ms 167.908 ms
115010 hc1-wd12.wedos.net (89.221.213.22) 166.085 ms 167.628 ms 166.750 ms
1151######################################################################################################################################
1152----- pedonia.com -----
1153
1154
1155Host's addresses:
1156__________________
1157
1158pedonia.com. 98 IN A 89.221.213.22
1159
1160
1161Wildcard detection using: jksvfucnbujn
1162_______________________________________
1163
1164jksvfucnbujn.pedonia.com. 1800 IN A 89.221.213.22
1165
1166
1167!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1168
1169 Wildcards detected, all subdomains will point to the same IP address
1170 Omitting results containing 89.221.213.22.
1171 Maybe you are using OpenDNS servers.
1172
1173!!!!!!!!!!!!!!!!!!!!!!!!!!!!
1174
1175
1176Name Servers:
1177______________
1178
1179ns.wedos.com. 85307 IN A 31.31.77.88
1180ns.wedos.eu. 85415 IN A 164.138.27.146
1181ns.wedos.cz. 2680 IN A 46.28.104.67
1182ns.wedos.net. 85081 IN A 213.136.87.214
1183
1184
1185Mail (MX) Servers:
1186___________________
1187
1188wes1-mx1.wedos.net. 903 IN A 46.28.106.11
1189wes1-mx2.wedos.net. 903 IN A 46.28.106.12
1190wes1-mx-backup.wedos.net. 903 IN A 46.28.106.56
1191
1192
1193Brute forcing with /usr/share/dnsenum/dns.txt:
1194_______________________________________________
1195
1196ftp.pedonia.com. 542 IN CNAME 207935.w35.wedos.net.
1197smtp.pedonia.com. 884 IN CNAME smtp-207935.m35.wedos.net.
1198smtp-207935.m35.wedos.net. 884 IN CNAME wes1-smtp.wedos.net.
1199wes1-smtp.wedos.net. 884 IN A 46.28.106.13
1200wes1-smtp.wedos.net. 884 IN A 46.28.106.14
1201
1202
1203Launching Whois Queries:
1204_________________________
1205
1206 whois ip result: 89.221.213.0 -> 89.221.208.0/20
1207
1208
1209pedonia.com___________
1210
1211 89.221.208.0/20
1212
1213######################################################################################################################################
1214WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
1215Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 03:28 EST
1216Nmap scan report for hc1-wd12.wedos.net (89.221.213.22)
1217Host is up (0.16s latency).
1218Not shown: 490 filtered ports, 3 closed ports
1219Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1220PORT STATE SERVICE
122121/tcp open ftp
122280/tcp open http
1223443/tcp open https
1224
1225Nmap done: 1 IP address (1 host up) scanned in 6.90 seconds
1226######################################################################################################################################
1227Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 03:28 EST
1228Nmap scan report for hc1-wd12.wedos.net (89.221.213.22)
1229Host is up (0.13s latency).
1230Not shown: 2 filtered ports
1231PORT STATE SERVICE
123253/udp open|filtered domain
123367/udp open|filtered dhcps
123468/udp open|filtered dhcpc
123569/udp open|filtered tftp
123688/udp open|filtered kerberos-sec
1237123/udp open|filtered ntp
1238139/udp open|filtered netbios-ssn
1239161/udp open|filtered snmp
1240162/udp open|filtered snmptrap
1241389/udp open|filtered ldap
1242500/udp open|filtered isakmp
1243520/udp open|filtered route
12442049/udp open|filtered nfs
1245
1246Nmap done: 1 IP address (1 host up) scanned in 3.02 seconds
1247######################################################################################################################################
1248Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 03:53 EST
1249Nmap scan report for hc1-wd12.wedos.net (89.221.213.22)
1250Host is up (0.15s latency).
1251Not shown: 994 filtered ports
1252PORT STATE SERVICE VERSION
125325/tcp closed smtp
125480/tcp open http-proxy Apache Traffic Server
1255|_http-server-header: ATS
1256139/tcp closed netbios-ssn
1257443/tcp open ssl/http-proxy Apache Traffic Server
1258|_http-server-header: ATS
1259|_http-title: Not Found on Accelerator
1260| ssl-cert: Subject: commonName=wms-le2.fhdomain.eu
1261| Subject Alternative Name: DNS:test.wms-le2.fhdomain.eu, DNS:wms-le2.fhdomain.eu, DNS:www.test.wms-le2.fhdomain.eu, DNS:www.wms-le2.fhdomain.eu
1262| Not valid before: 2019-11-21T00:14:59
1263|_Not valid after: 2020-02-19T00:14:59
1264|_ssl-date: TLS randomness does not represent time
1265| tls-alpn:
1266| h2
1267|_ http/1.1
1268445/tcp closed microsoft-ds
126921571/tcp closed unknown
1270Device type: general purpose|storage-misc|WAP
1271Running (JUST GUESSING): Linux 2.6.X|4.X|3.X (92%), HP embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
1272OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:4.4 cpe:/o:linux:linux_kernel:3 cpe:/h:hp:p2000_g3 cpe:/o:linux:linux_kernel:2.6.32 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
1273Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 4.4 (88%), Linux 3.10 - 4.11 (87%), Linux 3.10 - 3.12 (87%), Linux 2.6.18 (86%), Linux 3.2 - 4.9 (86%), Linux 3.7 (85%), HP P2000 G3 NAS device (85%), Linux 3.16 - 4.6 (85%), Linux 4.9 (85%)
1274No exact OS matches for host (test conditions non-ideal).
1275
1276####################################################################################################################################
1277Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 03:53 EST
1278Nmap scan report for hc1-wd12.wedos.net (89.221.213.22)
1279Host is up (0.16s latency).
1280Not shown: 994 filtered ports
1281PORT STATE SERVICE VERSION
128225/tcp closed smtp
128380/tcp open http-proxy Apache Traffic Server
1284|_http-server-header: ATS
1285139/tcp closed netbios-ssn
1286443/tcp open ssl/http-proxy Apache Traffic Server
1287|_http-server-header: ATS
1288|_http-title: Not Found on Accelerator
1289| ssl-cert: Subject: commonName=wms-le2.fhdomain.eu
1290| Subject Alternative Name: DNS:test.wms-le2.fhdomain.eu, DNS:wms-le2.fhdomain.eu, DNS:www.test.wms-le2.fhdomain.eu, DNS:www.wms-le2.fhdomain.eu
1291| Not valid before: 2019-11-21T00:14:59
1292|_Not valid after: 2020-02-19T00:14:59
1293|_ssl-date: TLS randomness does not represent time
1294| tls-alpn:
1295| h2
1296|_ http/1.1
1297445/tcp closed microsoft-ds
129821571/tcp closed unknown
1299Device type: general purpose|storage-misc|media device|WAP
1300Running (JUST GUESSING): Linux 2.6.X|3.X|4.X (92%), HP embedded (85%), Infomir embedded (85%), Ubiquiti embedded (85%), Ubiquiti AirOS 5.X (85%)
1301OS CPE: cpe:/o:linux:linux_kernel:2.6 cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4.4 cpe:/h:hp:p2000_g3 cpe:/h:infomir:mag-250 cpe:/o:linux:linux_kernel:2.6.32 cpe:/h:ubnt:airmax_nanostation cpe:/o:ubnt:airos:5.5.9
1302Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%), Linux 3.10 - 3.12 (88%), Linux 4.4 (88%), Linux 4.9 (87%), Linux 3.10 - 4.11 (87%), Linux 2.6.18 (86%), Linux 3.2 - 4.9 (86%), Linux 3.7 (85%), HP P2000 G3 NAS device (85%), Linux 3.16 - 4.6 (85%)
1303No exact OS matches for host (test conditions non-ideal).
1304Network Distance: 12 hops
1305
1306TRACEROUTE (using port 21571/tcp)
1307HOP RTT ADDRESS
13081 134.75 ms 10.209.200.1
13092 ...
13103 135.46 ms te0-0-2-1.nr11.b069785-0.tll01.atlas.cogentco.com (149.6.188.49)
13114 135.29 ms be2160.rcr51.tll01.atlas.cogentco.com (154.25.10.249)
13125 137.53 ms be3741.ccr22.sto03.atlas.cogentco.com (154.54.60.194)
13136 152.54 ms be2282.ccr42.ham01.atlas.cogentco.com (154.54.72.105)
13147 167.34 ms be3027.ccr21.prg01.atlas.cogentco.com (130.117.1.206)
13158 167.19 ms 149.6.25.178
13169 163.19 ms ddos-filter-r4.wedos.net (46.28.104.38)
131710 171.01 ms r4-b.wedos.net (46.28.104.36)
131811 164.04 ms 46.28.104.42
131912 162.47 ms hc1-wd12.wedos.net (89.221.213.22)
1320
1321#####################################################################################################################################
1322Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 04:05 EST
1323SENT (0.2158s) ICMP [10.209.203.82 > 89.221.213.22 Echo request (type=8/code=0) id=60351 seq=0] IP [ttl=54 id=8054 iplen=28 ]
1324SENT (0.2159s) igmp (2) 10.209.203.82 > 89.221.213.22: ttl=58 id=12428 iplen=28
1325SENT (0.2159s) ipv4 (4) 10.209.203.82 > 89.221.213.22: ttl=38 id=20288 iplen=20
1326RCVD (0.3784s) ICMP [89.221.213.22 > 10.209.203.82 Echo reply (type=0/code=0) id=60351 seq=0] IP [ttl=55 id=63231 iplen=28 ]
1361Nmap scan report for pedonia.com (89.221.213.22)
1362Host is up (0.16s latency).
1363rDNS record for 89.221.213.22: hc1-wd12.wedos.net
1364Nmap done: 1 IP address (1 host up) scanned in 0.42 seconds
1365#######################################################################################################################################
1366Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 04:05 EST
1367Nmap scan report for pedonia.com (89.221.213.22)
1368Host is up (0.16s latency).
1369rDNS record for 89.221.213.22: hc1-wd12.wedos.net
1370Not shown: 993 filtered ports
1371PORT STATE SERVICE VERSION
137221/tcp open ftp vsftpd 3.0.2
137325/tcp closed smtp
137480/tcp open http-proxy Apache Traffic Server
1375|_http-server-header: ATS
1376139/tcp closed netbios-ssn
1377443/tcp open ssl/http-proxy Apache Traffic Server
1378|_http-server-header: ATS
1379|_http-title: Not Found on Accelerator
1380445/tcp closed microsoft-ds
138121571/tcp closed unknown
1382Service Info: OS: Unix
1383
1384######################################################################################################################################
1385Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 04:07 EST
1386Nmap scan report for pedonia.com (89.221.213.22)
1387Host is up (0.15s latency).
1388rDNS record for 89.221.213.22: hc1-wd12.wedos.net
1389Not shown: 993 filtered ports
1390PORT STATE SERVICE
139121/tcp open ftp
139225/tcp closed smtp
139380/tcp open http
1394139/tcp closed netbios-ssn
1395443/tcp open https
1396445/tcp closed microsoft-ds
139721571/tcp closed unknown
1398
1399Host script results:
1400| dns-brute:
1401| DNS Brute-force hostnames:
1402| smtp.pedonia.com - 46.28.106.13
1403| smtp.pedonia.com - 46.28.106.14
1404|_ *A: 89.221.213.22
1405#######################################################################################################################################
1406Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-09 04:07 EST
1407Nmap scan report for hc1-wd12.wedos.net (89.221.213.22)
1408Host is up (0.16s latency).
1409Not shown: 993 filtered ports
1410PORT STATE SERVICE VERSION
141121/tcp open ftp vsftpd 3.0.2
1412| vulscan: VulDB - https://vuldb.com:
1413| [68991] vsftpd 3.0.2 deny_file unknown vulnerability
1414|
1415| MITRE CVE - https://cve.mitre.org:
1416| [CVE-2012-2127] fs/proc/root.c in the procfs implementation in the Linux kernel before 3.2 does not properly interact with CLONE_NEWPID clone system calls, which allows remote attackers to cause a denial of service (reference leak and memory consumption) by making many connections to a daemon that uses PID namespaces to isolate clients, as demonstrated by vsftpd.
1417| [CVE-2008-2375] Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
1418|
1419| SecurityFocus - https://www.securityfocus.com/bid/:
1420| [82285] Vsftpd CVE-2004-0042 Remote Security Vulnerability
1421| [72451] vsftpd CVE-2015-1419 Security Bypass Vulnerability
1422| [51013] vsftpd '__tzfile_read()' Function Heap Based Buffer Overflow Vulnerability
1423| [48539] vsftpd Compromised Source Packages Backdoor Vulnerability
1424| [46617] vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
1425| [41443] Vsftpd Webmin Module Multiple Unspecified Vulnerabilities
1426| [30364] vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
1427| [29322] vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
1428| [10394] Vsftpd Listener Denial of Service Vulnerability
1429| [7253] Red Hat Linux 9 vsftpd Compiling Error Weakness
1430|
1431| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1432| [68366] vsftpd package backdoor
1433| [65873] vsftpd vsf_filename_passes_filter denial of service
1434| [55148] VSFTPD-WEBMIN-MODULE unknown unspecified
1435| [43685] vsftpd authentication attempts denial of service
1436| [42593] vsftpd deny_file denial of service
1437| [16222] vsftpd connection denial of service
1438| [14844] vsftpd message allows attacker to obtain username
1439| [11729] Red Hat Linux vsftpd FTP daemon tcp_wrapper could allow an attacker to gain access to server
1440|
1441| Exploit-DB - https://www.exploit-db.com:
1442| [17491] VSFTPD 2.3.4 - Backdoor Command Execution
1443| [16270] vsftpd 2.3.2 - Denial of Service Vulnerability
1444| [5814] vsftpd 2.0.5 (CWD) Remote Memory Consumption Exploit (post auth)
1445|
1446| OpenVAS (Nessus) - http://www.openvas.org:
1447| [881289] CentOS Update for vsftpd CESA-2011:0337 centos5 x86_64
1448| [880533] CentOS Update for vsftpd CESA-2011:0337 centos5 i386
1449| [880479] CentOS Update for vsftpd CESA-2011:0337 centos4 i386
1450| [880293] CentOS Update for vsftpd CESA-2008:0579 centos3 i386
1451| [880025] CentOS Update for vsftpd CESA-2008:0579 centos3 x86_64
1452| [870407] RedHat Update for vsftpd RHSA-2011:0337-01
1453| [870152] RedHat Update for vsftpd RHSA-2008:0680-01
1454| [870114] RedHat Update for vsftpd RHSA-2008:0295-01
1455| [870032] RedHat Update for vsftpd RHSA-2008:0579-01
1456| [862926] Fedora Update for vsftpd FEDORA-2011-2615
1457| [862925] Fedora Update for vsftpd FEDORA-2011-2590
1458| [860821] Fedora Update for vsftpd FEDORA-2008-4347
1459| [860676] Fedora Update for vsftpd FEDORA-2008-4373
1460| [860005] Fedora Update for vsftpd FEDORA-2008-4362
1461| [840831] Ubuntu Update for vsftpd USN-1288-1
1462| [840623] Ubuntu Update for vsftpd vulnerability USN-1098-1
1463| [831351] Mandriva Update for vsftpd MDVSA-2011:049 (vsftpd)
1464| [103362] vsftpd '__tzfile_read()' Function Heap Based Buffer Overflow Vulnerability
1465| [103185] vsftpd Compromised Source Packages Backdoor Vulnerability
1466| [103101] vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
1467| [71966] Slackware Advisory SSA:2012-041-05 vsftpd
1468| [70770] Gentoo Security Advisory GLSA 201110-07 (vsftpd)
1469| [70399] Debian Security Advisory DSA 2305-1 (vsftpd)
1470| [65857] SLES10: Security update for vsftpd
1471| [65225] SLES9: Security update for vsftpd
1472|
1473| SecurityTracker - https://www.securitytracker.com:
1474| [1025186] vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
1475| [1020546] vsftpd Memory Leak When Invalid Authentication Attempts Occur Lets Remote Authenticated Users Deny Service
1476| [1020079] vsftpd Memory Leak in 'deny_file' Option Lets Remote Authenticated Users Deny Service
1477| [1008628] vsftpd Discloses Whether Usernames are Valid or Not
1478|
1479| OSVDB - http://www.osvdb.org:
1480| [73573] vsftpd on vsftpd.beasts.org Trojaned Distribution
1481| [73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
1482| [61362] Vsftpd Webmin Module Unspecified Issues
1483| [46930] Red Hat Linux vsftpd w/ PAM Memory Exhaustion Remote DoS
1484| [45626] vsftpd deny_file Option Crafted FTP Data Remote Memory Exhaustion DoS
1485| [36515] BlockHosts sshd/vsftpd hosts.allow Arbitrary Deny Entry Manipulation
1486| [28610] vsftpd SIGURG Handler Unspecified Issue
1487| [28609] vsftpd tunable_chroot_local_user Filesystem Root Access
1488| [6861] vsftpd Login Error Message Username Enumeration
1489| [6306] vsftpd Connection Handling DoS
1490| [4564] vsftpd on Red Hat Linux Restricted Access Failure
1491|_
149225/tcp closed smtp
149380/tcp open http-proxy Apache Traffic Server
1494|_http-server-header: ATS
1495| vulscan: VulDB - https://vuldb.com:
1496| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
1497| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
1498| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
1499| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
1500| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
1501| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
1502| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
1503| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
1504| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
1505| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
1506| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
1507| [99930] Apache Traffic Server up to 6.2.0 denial of service
1508| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
1509| [73593] Apache Traffic Server up to 5.1.0 denial of service
1510| [70701] Apache Traffic Server up to 3.3.5 denial of service
1511| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
1512| [54693] Apache Traffic Server DNS Cache unknown vulnerability
1513| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
1514| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
1515| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
1516| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
1517| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1518| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1519| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
1520| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1521| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
1522| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
1523| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
1524| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
1525| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
1526| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
1527| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
1528| [136204] Munica Web Server 1.14 Communication HTTP Traffic unknown vulnerability
1529| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
1530| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
1531| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
1532| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
1533| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
1534| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
1535| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
1536| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
1537| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
1538| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
1539| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
1540| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
1541| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
1542| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
1543| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
1544| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
1545| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
1546| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
1547| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
1548| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
1549| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
1550| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
1551| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
1552| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
1553| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
1554| [117115] Apache Tika up to 1.17 tika-server command injection
1555| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
1556| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
1557| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
1558| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
1559| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
1560| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
1561| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
1562| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
1563| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
1564| [112857] F5 BIG-IP Virtual Server up to 11.6.2/12.1.3/13.0.0 Traffic Management Microkernel denial of service
1565| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
1566| [110985] F5 BIG-IP Virtual Server up to 12.0.x/12.1.2/13.0.0 Traffic Management Microkernel denial of service
1567| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
1568| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
1569| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
1570| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
1571| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
1572| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
1573| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
1574| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
1575| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
1576| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
1577| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
1578| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
1579| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
1580| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
1581| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
1582| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
1583| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
1584| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
1585| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
1586| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
1587| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
1588| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
1589| [94540] Apache Tika 1.9 tika-server File information disclosure
1590| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
1591| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
1592| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
1593| [87765] Apache James Server 2.3.2 Command privilege escalation
1594| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
1595| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
1596| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
1597| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
1598| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
1599| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
1600| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
1601| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
1602| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
1603| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
1604| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
1605| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
1606| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
1607| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
1608| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
1609| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
1610| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
1611| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
1612| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
1613| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
1614| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
1615| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
1616| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
1617| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
1618| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
1619| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
1620| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
1621| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
1622| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
1623| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
1624| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
1625| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
1626| [6301] Apache HTTP Server mod_pagespeed cross site scripting
1627| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
1628| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
1629| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
1630| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
1631| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
1632| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
1633| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
1634| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
1635| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
1636| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
1637| [4355] Apache HTTP Server APR apr_fnmatch denial of service
1638| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
1639| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
1640| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
1641| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
1642| [51757] Apache HTTP Server 2.0.44 cross site scripting
1643| [51756] Apache HTTP Server 2.0.44 spoofing
1644| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
1645| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
1646| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
1647| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
1648| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
1649| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
1650| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
1651| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
1652| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
1653| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
1654| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
1655| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
1656| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
1657| [40221] Apache HTTP Server 2.2.6 information disclosure
1658| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
1659| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
1660| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
1661| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
1662| [34252] Apache HTTP Server denial of service
1663| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
1664|
1665| MITRE CVE - https://cve.mitre.org:
1666| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
1667| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
1668| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
1669| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
1670| [CVE-2013-2961] The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
1671| [CVE-2013-2870] Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.
1672| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
1673| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
1674| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
1675| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
1676| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
1677| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
1678| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
1679| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
1680| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
1681| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
1682| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
1683| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
1684| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
1685| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
1686| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
1687| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
1688| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
1689| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
1690| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
1691| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
1692| [CVE-2012-5770] The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.
1693| [CVE-2012-4698] Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.
1694| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
1695| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
1696| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
1697| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
1698| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
1699| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
1700| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1701| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
1702| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
1703| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
1704| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
1705| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
1706| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
1707| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
1708| [CVE-2012-1821] The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic.
1709| [CVE-2012-1466] The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information.
1710| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
1711| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
1712| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
1713| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
1714| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
1715| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
1716| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
1717| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1919] Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1499] acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0190] Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2010-5144] The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-2811] Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0039] The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5101] Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.
| [CVE-2009-5038] Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336.
| [CVE-2009-4455] The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4295] Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-3000] The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-5411] IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
| [CVE-2008-4404] The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1027] Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
| [CVE-2008-0536] Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
1813| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
1814| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
1815| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
1816| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
1817| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
1818| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
1819| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
1820| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
1821| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
1822| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1823| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
1824| [CVE-2007-6360] Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion.
1825| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
1826| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
1827| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
1828| [CVE-2007-5419] The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.
1829| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
1830| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
1831| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
1832| [CVE-2007-4473] Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
1833| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
1834| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
1835| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
1836| [CVE-2007-3165] Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
1837| [CVE-2007-2897] Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic)
1838| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
1839| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
1840| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
1841| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
1842| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
1843| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
1844| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
1845| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
1846| [CVE-2007-1692] The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
1847| [CVE-2007-1644] The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
1848| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
1849| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
1850| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
1851| [CVE-2007-0966] Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.
1852| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
1853| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
1854| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
1855| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
1856| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
1857| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
1858| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
1859| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
1860| [CVE-2006-6947] The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
1861| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
1862| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
1863| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
1864| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
1865| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
1866| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
1867| [CVE-2006-5746] The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates.
1868| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
1869| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
1870| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
1871| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
1872| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
1873| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
1874| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
1875| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
1876| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
1877| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
1878| [CVE-2006-2703] The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.
1879| [CVE-2006-2462] BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
1880| [CVE-2006-2461] BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
1881| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
1882| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
1883| [CVE-2006-0997] The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.
1884| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
1885| [CVE-2006-0987] The default configuration of ISC BIND, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
1886| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
1887| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
1888| [CVE-2005-4813] Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections.
1889| [CVE-2005-4766] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
1890| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
1891| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
1892| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
1893| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
1894| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
1895| [CVE-2004-2762] The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.
1896| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
1897| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
1898| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
1899| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
1900| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
1901| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
1902| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
1903| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
1904| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
1905| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
1906| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
1907| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
1908| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
1909| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
1910| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
1911| [CVE-2003-0292] Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
1912| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
1913| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
1914| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
1915| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
1916| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
1917| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
1918| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
1919| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
1920| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
1921| [CVE-2002-1169] IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
1922| [CVE-2002-1168] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
1923| [CVE-2002-1167] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
1924| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
1925| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
1926| [CVE-2002-1013] Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.
1927| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
1928| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
1929| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
1930| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
1931| [CVE-2002-0452] Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
1932| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
1933| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
1934| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
1935| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
1936| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
1937| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
1938| [CVE-2001-1244] Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
1939| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
1940| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
1941| [CVE-2001-1056] IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
1942| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
1943| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
1944| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
1945| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
1946| [CVE-2000-0406] Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
1947| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
1948| [CVE-1999-1379] DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
1949| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
1950| [CVE-1999-1066] Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.
1951| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
1952| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
1953|
1954| SecurityFocus - https://www.securityfocus.com/bid/:
1955| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
1956| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
1957| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
1958| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
1959| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
1960| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
1961| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
1962| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
1963| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
1964| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
1965| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
1966| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
1967| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
1968| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
1969| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
1970| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
1971| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
1972| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
1973| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
1974| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
1975| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
1976| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
1977| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
1978| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
1979| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
1980| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
1981| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
1982| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
1983| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
1984| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
1985| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
1986| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
1987| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
1988| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
1989| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
1990| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
1991| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
1992| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
1993| [79638] Traffic Server CVE-2014-10022 Denial-Of-Service Vulnerability
1994| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
1995| [76933] Apache James Server Unspecified Command Execution Vulnerability
1996| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
1997| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
1998| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
1999| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
2000| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
2001| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
2002| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
2003| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
2004| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
2005| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
2006| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
2007| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
2008| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
2009| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
2010| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
2011| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
2012| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
2013| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
2014| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
2015| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
2016| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
2017| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
2018| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
2019| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
2020| [56753] Apache HTTP Server 'mod_proxy_ajp' Module Denial Of Service Vulnerability
2021| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
2022| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
2023| [52196] NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
2024| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
2025| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
2026| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
2027| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
2028| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
2029| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
2030| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
2031| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
2032| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
2033| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
2034| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
2035| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
2036| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
2037| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
2038| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
2039| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
2040| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
2041| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
2042| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
2043| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
2044| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
2045| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
2046| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
2047| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
2048| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
2049| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
2050| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
2051| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
2052| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
2053| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
2054| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
2055| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
2056| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
2057| [8226] Apache HTTP Server Multiple Vulnerabilities
2058| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
2059| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
2060| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
2061| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
2062| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
2063| [7596] Inktomi Traffic Server Cross-Site Scripting Vulnerability
2064| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
2065| [7255] Apache Web Server File Descriptor Leakage Vulnerability
2066| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
2067| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
2068| [6939] Apache Web Server ETag Header Information Disclosure Weakness
2069| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
2070| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
2071| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
2072| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
2073| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
2074| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
2075| [5098] Inktomi Traffic Server Traffic_Manager Path Argument Buffer Overflow Vulnerability
2076| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
2077| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
2078| [3169] Apache Server Address Disclosure Vulnerability
2079| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
2080| [2216] Apache Web Server DoS Vulnerability
2081| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
2082| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
2083| [983] Nameserver Traffic Amplification and NS Route Discovery Vulnerability
2084|
2085| IBM X-Force - https://exchange.xforce.ibmcloud.com:
2086| [74313] Apache Traffic Server header buffer overflow
2087| [61721] Apache Traffic Server cache poisoning
2088| [85871] Apache HTTP Server mod_session_dbd unspecified
2089| [85574] Apache HTTP Server mod_dav denial of service
2090| [84111] Apache HTTP Server command execution
2091| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
2092| [82360] Apache HTTP Server manager interface cross-site scripting
2093| [82359] Apache HTTP Server hostnames cross-site scripting
2094| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
2095| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
2096| [77046] Oracle Solaris Apache HTTP Server information disclosure
2097| [75983] MapServer for Windows Apache file include
2098| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
2099| [74181] Apache HTTP Server mod_fcgid module denial of service
2100| [73531] NetDecision Traffic Grapher Server .nd file source code disclosure
2101| [72758] Apache HTTP Server httpOnly information disclosure
2102| [72757] Apache HTTP Server MPM denial of service
2103| [72377] Apache HTTP Server scoreboard security bypass
2104| [72345] Apache HTTP Server HTTP request denial of service
2105| [71617] Apache HTTP Server mod_proxy module information disclosure
2106| [71445] Apache HTTP Server mod_proxy security bypass
2107| [71181] Apache HTTP Server ap_pregsub() denial of service
2108| [71093] Apache HTTP Server ap_pregsub() buffer overflow
2109| [70336] Apache HTTP Server mod_proxy information disclosure
2110| [69804] Apache HTTP Server mod_proxy_ajp denial of service
2111| [69396] Apache HTTP Server ByteRange filter denial of service
2112| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
2113| [64773] Oracle HTTP Server Apache Plugin unauthorized access
2114| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
2115| [58046] Apache HTTP Server mod_auth_shadow security bypass
2116| [56653] Apache HTTP Server DNS spoofing
2117| [56652] Apache HTTP Server DNS cross-site scripting
2118| [56625] Apache HTTP Server request header information disclosure
2119| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
2120| [56623] Apache HTTP Server mod_proxy_ajp denial of service
2121| [53666] Apache HTTP Server Solaris pollset support denial of service
2122| [53650] Apache HTTP Server HTTP basic-auth module security bypass
2123| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
2124| [51273] Apache HTTP Server Incomplete Request denial of service
2125| [50884] Apache HTTP Server XML ENTITY denial of service
2126| [50808] Apache HTTP Server AllowOverride privilege escalation
2127| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
2128| [47086] Apache HTTP Server OS fingerprinting unspecified
2129| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
2130| [43885] Oracle WebLogic Server Apache Connector buffer overflow
2131| [42987] Apache HTTP Server mod_proxy module denial of service
2132| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
2133| [39867] Apache HTTP Server mod_negotiation cross-site scripting
2134| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
2135| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
2136| [39608] Apache HTTP Server balancer manager cross-site request forgery
2137| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
2138| [39472] Apache HTTP Server mod_status cross-site scripting
2139| [39158] Apache HTTP Server Windows SMB shares information disclosure
2140| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
2141| [38800] Apache HTTP Server 413 error page cross-site scripting
2142| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
2143| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
2144| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
2145| [36586] Apache HTTP Server UTF-7 cross-site scripting
2146| [36354] Apache HTTP Server mod_proxy module denial of service
2147| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
2148| [35384] Apache HTTP Server mod_cache module denial of service
2149| [35097] Apache HTTP Server mod_status module cross-site scripting
2150| [35095] Apache HTTP Server Prefork MPM module denial of service
2151| [34984] Apache HTTP Server recall_headers information disclosure
2152| [34966] Apache HTTP Server MPM content spoofing
2153| [34965] Apache HTTP Server MPM information disclosure
2154| [34963] Apache HTTP Server MPM multiple denial of service
2155| [33584] Apache HTTP Server suEXEC privilege escalation
2156| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
2157| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
2158| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
2159| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
2160| [28357] Apache HTTP Server mod_alias script source information disclosure
2161| [26786] Apache James SMTP server denial of service
2162| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
2163| [22006] Apache HTTP Server byte-range filter denial of service
2164| [21195] Apache HTTP Server header HTTP request smuggling
2165| [20383] Apache HTTP Server htdigest buffer overflow
2166| [18993] Apache HTTP server check_forensic symlink attack
2167| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
2168| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
2169| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
2170| [17961] Apache Web server ServerTokens has not been set
2171| [17930] Apache HTTP Server HTTP GET request denial of service
2172| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
2173| [17473] Apache HTTP Server Satisfy directive allows access to resources
2174| [17384] Apache HTTP Server environment variable configuration file buffer overflow
2175| [17382] Apache HTTP Server IPv6 apr_util denial of service
2176| [17366] Apache HTTP Server mod_dav module LOCK denial of service
2177| [17273] Apache HTTP Server speculative mode denial of service
2178| [17200] Apache HTTP Server mod_ssl denial of service
2179| [16890] Apache HTTP Server server-info request has been detected
2180| [16889] Apache HTTP Server server-status request has been detected
2181| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
2182| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
2183| [16230] Apache HTTP Server PHP denial of service
2184| [15958] Apache HTTP Server authentication modules memory corruption
2185| [15547] Apache HTTP Server mod_disk_cache local information disclosure
2186| [15540] Apache HTTP Server socket starvation denial of service
2187| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
2188| [15422] Apache HTTP Server mod_access information disclosure
2189| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
2190| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
2191| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
2192| [14125] Apache HTTP Server mod_userdir module information disclosure
2193| [14075] Apache HTTP Server mod_php file descriptor leak
2194| [13703] Apache HTTP Server account
2195| [13689] Apache HTTP Server configuration allows symlinks
2196| [13688] Apache HTTP Server configuration allows SSI
2197| [13687] Apache HTTP Server Server: header value
2198| [13685] Apache HTTP Server ServerTokens value
2199| [13684] Apache HTTP Server ServerSignature value
2200| [13672] Apache HTTP Server config allows directory autoindexing
2201| [13671] Apache HTTP Server default content
2202| [13670] Apache HTTP Server config file directive references outside content root
2203| [13668] Apache HTTP Server httpd not running in chroot environment
2204| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
2205| [13664] Apache HTTP Server config file contains ScriptAlias entry
2206| [13663] Apache HTTP Server CGI support modules loaded
2207| [13661] Apache HTTP Server config file contains AddHandler entry
2208| [13660] Apache HTTP Server 500 error page not CGI script
2209| [13659] Apache HTTP Server 413 error page not CGI script
2210| [13658] Apache HTTP Server 403 error page not CGI script
2211| [13657] Apache HTTP Server 401 error page not CGI script
2212| [13552] Apache HTTP Server mod_cgid module information disclosure
2213| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
2214| [12681] Apache HTTP Server mod_proxy could allow mail relaying
2215| [12662] Apache HTTP Server rotatelogs denial of service
2216| [12553] Apache HTTP Server redirects and subrequests denial of service
2217| [12552] Apache HTTP Server FTP proxy server denial of service
2218| [12551] Apache HTTP Server prefork MPM denial of service
2219| [12550] Apache HTTP Server weaker than expected encryption
2220| [12549] Apache HTTP Server type-map file denial of service
2221| [12091] Apache HTTP Server apr_password_validate denial of service
2222| [12090] Apache HTTP Server apr_psprintf code execution
2223| [12021] Inktomi Traffic Server cross-site scripting
2224| [11804] Apache HTTP Server mod_access_referer denial of service
2225| [11750] Apache HTTP Server could leak sensitive file descriptors
2226| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
2227| [11695] Apache HTTP Server LF (Line Feed) denial of service
2228| [11694] Apache HTTP Server filestat.c denial of service
2229| [11438] Apache HTTP Server MIME message boundaries information disclosure
2230| [11412] Apache HTTP Server error log terminal escape sequence injection
2231| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
2232| [11126] Apache HTTP Server illegal character file disclosure
2233| [11125] Apache HTTP Server DOS device name HTTP POST code execution
2234| [11124] Apache HTTP Server DOS device name denial of service
2235| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
2236| [10938] Apache HTTP Server printenv test CGI cross-site scripting
2237| [10499] Apache HTTP Server WebDAV HTTP POST view source
2238| [10457] Apache HTTP Server mod_ssl "
2239| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
2240| [10414] Apache HTTP Server htdigest multiple buffer overflows
2241| [10413] Apache HTTP Server htdigest temporary file race condition
2242| [10412] Apache HTTP Server htpasswd temporary file race condition
2243| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
2244| [10280] Apache HTTP Server shared memory scorecard overwrite
2245| [10241] Apache HTTP Server Host: header cross-site scripting
2246| [10208] Apache HTTP Server mod_dav denial of service
2247| [10200] Apache HTTP Server stderr denial of service
2248| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
2249| [9875] Apache HTTP Server .var file request could disclose installation path
2250| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
2251| [9623] Apache HTTP Server ap_log_rerror() path disclosure
2252| [9465] Inktomi Traffic Server software -path traffic_manager buffer overflow
2253| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
2254| [9249] Apache HTTP Server chunked encoding heap buffer overflow
2255| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
2256| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
2257| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
2258| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
2259| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
2260| [8400] Apache HTTP Server mod_frontpage buffer overflows
2261| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
2262| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
2263| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
2264| [7836] Apache HTTP Server log directory denial of service
2265| [7419] Apache Web Server could allow remote attackers to overwrite .log files
2266| [7363] Apache Web Server hidden HTTP requests
2267| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
2268| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
2269| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
2270| [6527] Apache Web Server for Windows and OS2 denial of service
2271| [5659] Apache Web server discloses files when used with php script
2272| [5197] Apache Web server reveals CGI script source code
2273| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
2274| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
2275| [697] Apache HTTP server beck exploit
2276|
2277| Exploit-DB - https://www.exploit-db.com:
2278| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
2279| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
2280| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
2281| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
2282| [22601] Inktomi Traffic Server 4.0/5.x Cross-Site Scripting Vulnerability
2283| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
2284| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
2285| [21580] Inktomi Traffic Server 4/5 Traffic_Manager Path Argument Buffer Overflow
2286| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
2287| [20558] Apache 1.2 Web Server DoS Vulnerability
2288| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
2289| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
2290| [18542] Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability
2291| [18221] Apache HTTP Server Denial of Service
2292| [9] Apache HTTP Server 2.x Memory Leak Exploit
2293| [31139] Larson Network Print Server 9.4.2 build 105 (LstNPS) Logging Function USEP Command Remote Format String
2294| [31138] Larson Network Print Server 9.4.2 build 105 (LstNPS) NPSpcSVR.exe License Command Remote Overflow
2295| [31132] Group Logic ExtremeZ-IP File and Print Servers 5.1.2 x15 Multiple Vulnerabilities
2296| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
2297| [31117] WS_FTP Server 6 /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
2298| [31105] Titan FTP Server 6.05 build 550 DELE Command Remote Buffer Overflow Vulnerability
2299| [31100] Anon Proxy Server 0.100/0.102 Remote Authentication Buffer Overflow Vulnerability
2300| [31056] HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities
2301| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
2302| [31039] BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
2303| [31014] haneWIN DNS Server 1.5.3 - Denial of Service
2304| [31001] IceWarp Mail Server 9.1.1 'admin/index.html' Cross-Site Scripting Vulnerability
2305| [30991] Pragma TelnetServer 7.0.4.589 NULL-Pointer Dereference Denial of Service Vulnerability
2306| [30990] Foxit WAC Server 2.0 Build 3503 Denial of Service Vulnerability
2307| [30971] Georgia SoftWorks Secure Shell Server 7.1.3 Multiple Remote Code Execution Vulnerabilities
2308| [30885] QK SMTP Server Malformed Commands Multiple Remote Denial of Service Vulnerabilities
2309| [30856] Easy File Sharing Web Server 1.3x Directory Traversal and Multiple Information Disclosure Vulnerabilities
2310| [30850] HFS HTTP File Server 2.2/2.3 Arbitrary File Upload Vulnerability
2311| [30809] Sentinel Protection Server 7.x/Keys Server 1.0.3 Directory Traversal Vulnerability
2312| [30776] LIVE555 Media Server 2007.11.1 ParseRTSPRequestString Remote Denial Of Service Vulnerability
2313| [30768] IBM WebSphere Application Server 5.1.1 WebContainer HTTP Request Header Security Weakness
2314| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
2315| [30733] phpMyAdmin <= 2.11.1 Server_Status.PHP Cross-Site Scripting Vulnerability
2316| [30708] Aleris Web Publishing Server 3.0 Page.ASP SQL Injection Vulnerability
2317| [30644] Dawn of Time 1.69 MUD Server Multiple Format String Vulnerabilities
2318| [30587] Axis Communications 207W Network Camera Web Interface admin/restartMessage.shtml server Parameter CSRF
2319| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
2320| [30542] EnterpriseDB Advanced Server 8.2 Uninitialized Pointer Vulnerability
2321| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
2322| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
2323| [30472] Zimbra Collaboration Server - LFI
2324| [30373] Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)
2325| [30299] ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability
2326| [30298] contentserver 5.6.2929 errors/transaction.asp msg Parameter XSS
2327| [30297] contentserver 5.6.2929 errors/rights.asp msg Parameter XSS
2328| [30296] ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability
2329| [30279] SAP Internet Graphics Server <= 7.0 PARAMS Cross Site Scripting Vulnerability
2330| [30278] SAP DB 7.x Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities
2331| [30265] SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability
2332| [30264] Fujitsu ServerView <= 4.50.8 DBASCIIAccess Remote Command Execution Vulnerability
2333| [30259] Claroline <= 1.8.3 $_SERVER['PHP_SELF'] Parameter Multiple Cross-Site Scripting Vulnerabilities
2334| [30256] Oracle Rapid Install Web Server Secondary Login Page Cross Site Scripting Vulnerability
2335| [30252] Conti FTP Server 1.0 Large String Denial of Service Vulnerability
2336| [30233] LiteWEB Web Server 2.7 Invalid Page Remote Denial of Service Vulnerability
2337| [30231] Key Focus Web Server 3.1 Index.WKF Cross-Site Scripting Vulnerability
2338| [30224] Ingress Database Server 2.6 - Multiple Remote Vulnerabilities
2339| [30222] MyServer 0.9.8 Post.MSCGI Cross-Site Scripting Vulnerability
2340| [30219] MyServer 0.8.9 Filename Parse Error Information Disclosure Vulnerability
2341| [30218] BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability
2342| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
2343| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
2344| [30186] Firebird SQL Fbserver 2.0 - Remote Buffer Overflow Vulnerability
2345| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
2346| [30051] PsychoStats <= 2.3 - Server.PHP Path Disclosure Vulnerability
2347| [30026] TFTP Server TFTPDWin 0.4.2 Unspecified Directory Traversal Vulnerability
2348| [30025] TeamSpeak Server 2.0.23 Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
2349| [30019] CA Multiple Products Console Server and InoCore.dll Remote Code Execution Vulnerabilities
2350| [30009] ABB MicroSCADA wserver.exe - Remote Code Execution
2351| [29964] Trend Micro ServerProtect 5.58 SpntSvc.EXE Remote Stack Based Buffer Overflow Vulnerability
2352| [29951] Microsoft SharePoint Server 3.0 Cross-Site Scripting Vulnerability
2353| [29939] X.Org X Window System Xserver 1.3 XRender Extension Divide by Zero Denial of Service Vulnerability
2354| [29932] Red Hat Directory Server 7.1 - Multiple Cross Site Scripting Vulnerabilities
2355| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
2356| [29859] Apache Roller OGNL Injection
2357| [29803] Static Http Server 1.0 - Denial of Service (DoS) Exploit
2358| [29787] HP Jetdirect FTP Print Server RERT Command Denial of Service Vulnerability
2359| [29716] Silc Server 1.0.2 New Channel Remote Denial of Service Vulnerability
2360| [29706] DeepOfix SMTP Server 3.3 - Authentication Bypass
2361| [29699] Novell Access Management SSLVPN Server Security Bypass Vulnerability
2362| [29626] phpTrafficA 1.4.1 banref.php lang Parameter Traversal Local File Inclusion
2363| [29625] phpTrafficA 1.4.1 plotStat.php file Parameter Traversal Local File Inclusion
2364| [29597] Community Server SearchResults.ASPX Cross-Site Scripting Vulnerability
2365| [29575] Plain Old Webserver 0.0.7/0.0.8 Firefox Extension Directory Traversal Vulnerability
2366| [29503] KarjaSoft Sami HTTP Server 1.0.4/1.0.5/2.0.1 Request Remote Denial of Service Vulnerability
2367| [29439] iPlanet Web Server 4.1 Search Module Cross-Site Scripting Vulnerability
2368| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
2369| [29400] Novell Access Manager 3 Identity Server IssueInstant Parameter Cross-Site Scripting Vulnerability
2370| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
2371| [29297] HP Printer FTP Print Server 2.4.5 List Command Buffer Overflow Vulnerability
2372| [29290] Apache / PHP 5.x Remote Code Execution Exploit
2373| [29230] Citrix Presentation Server Client 9.200 WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
2374| [29045] Selenium Web Server 1.0 XSS
2375| [29039] Kerio MailServer 5.x/6.x Remote LDAP Denial of Service Vulnerability
2376| [29036] Teamtek Universal FTP Server Multiple Commands Remote Denial of Service Vulnerabilities
2377| [28890] iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
2378| [28860] FtpXQ Server 3.01 MKD Command Remote Overflow DoS
2379| [28766] Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities (2)
2380| [28765] Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities (1)
2381| [28725] SAP Internet Transaction Server 6.10/6.20 Cross-Site Scripting Vulnerability
2382| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
2383| [28686] My-BIC 0.6.5 - Mybic_Server.PHP Remote File Include Vulnerability
2384| [28666] Call of Duty Server 4.1.x Callvote Map Command Remote Buffer Overflow Vulnerability
2385| [28640] CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure
2386| [28602] OSU HTTP Server 3.10/3.11 Multiple Information Disclosure Vulnerabilities
2387| [28513] Paul Smith Computer Services VCAP Calendar Server 1.9 - Remote Denial of Service Vulnerability
2388| [28512] paul smith computer services vcap calendar server 1.9 - Directory Traversal vulnerability
2389| [28489] Easy Address Book Web Server 1.2 - Remote Format String Vulnerability
2390| [28463] SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow
2391| [28450] FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers
2392| [28419] DieselScripts Smart Traffic Index.PHP Remote File Include Vulnerability
2393| [28374] IPCheck Server Monitor 5.x Directory Traversal Vulnerability
2394| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
2395| [28338] Vino VNC Server 3.7.3 - Persistent Denial of Service
2396| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
2397| [28234] MySQL 4.x/5.x Server Date_Format Denial of Service Vulnerability
2398| [28229] VisNetic Mail Server 8.3.5 - Multiple File Include Vulnerabilities
2399| [28100] BlueDragon Server 6.2.1 .CFM Files Denial of Service Vulnerability
2400| [28026] MySQL Server 4/5 Str_To_Date Remote Denial of Service Vulnerability
2401| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
2402| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
2403| [27887] SAP Web Application Server 6.x/7.0 Input Validation Vulnerability
2404| [27877] Oracle Endeca Server Remote Command Execution
2405| [27799] Virtual Hosting Control System 2.4.7 .1 Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities
2406| [27793] Collaborative Portal Server 3.4 POS Parameter Cross-Site Scripting Vulnerability
2407| [27723] Yukihiro Matsumoto Ruby 1.x XMLRPC Server Denial of Service Vulnerability
2408| [27704] Cogent DataHub HTTP Server Buffer Overflow
2409| [27637] Adobe Document Server 6.0 Extensions AlterCast op Parameter XSS
2410| [27636] Adobe Document Server 6.0 Extensions ads-readerext actionID Parameter XSS
2411| [27620] Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
2412| [27554] MinaliC Webserver 2.0.0 - Buffer Overflow (Egghunter)
2413| [27523] Sami FTP Server 2.0.1 - MKD Buffer Overflow ASLR Bypass (SEH)
2414| [27499] CONTROLzx HMS 3.3.4 server_management.php plan_id Parameter XSS
2415| [27418] Firebird 1.5 - Local Inet_Server Buffer Overflow Vulnerability
2416| [27401] Open&Compact FTP Server 1.2 (Gabriel's FTP Server) - Auth Bypass & Directory Traversal SAM Retrieval Exploit
2417| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
2418| [27378] Easy File Sharing Web Server 3.2 Full Path Request Arbitrary File Upload
2419| [27377] Easy File Sharing Web Server 3.2 Format String DoS
2420| [27329] Alt-N MDaemon 8.1.1 IMAP Server Remote Format String Vulnerability
2421| [27212] Isode M-Vault Server 11.3 LDAP Memory Corruption Vulnerability
2422| [27196] IBM Tivoli Directory Server 6.0 Unspecified LDAP Memory Corruption Vulnerability
2423| [27186] HiveMail 1.2.2/1.3 index.php $_SERVER['PHP_SELF'] XSS
2424| [27171] Sun ONE Directory Server 5.2 - Remote Denial of Service Vulnerability
2425| [27144] Communigate Pro 5.0.6 Server LDAP Denial of Service Vulnerability
2426| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
2427| [27108] Dual DHCP DNS Server 1.0 DHCP Options Remote Buffer Overflow Vulnerability
2428| [27096] Apache Geronimo 1.0 Error Page XSS
2429| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
2430| [27042] Photo Server 2.0 iOS - Multiple Vulnerabilities
2431| [27011] Sybase EAServer 6.3.1 - Multiple Vulnerabilities
2432| [27007] PCMan FTP Server 2.0.7 - Remote Exploit (msf)
2433| [26986] PaperThin CommonSpot Content Server 4.5 Cross-Site Scripting Vulnerability
2434| [26972] oracle application server discussion forum portlet Multiple Vulnerabilities
2435| [26967] httprint 202.0 HTTP Response Server Field Overflow DoS
2436| [26966] httprint 202.0 HTTP Response Server Field Arbitrary Script Injection
2437| [26914] Extensis Portfolio Netpublish Server 7.0 Server.NP Directory Traversal Vulnerability
2438| [26902] Miraserver 1.0 RC4 article.php cat Parameter SQL Injection
2439| [26901] Miraserver 1.0 RC4 newsitem.php id Parameter SQL Injection
2440| [26900] Miraserver 1.0 RC4 index.php page Parameter SQL Injection
2441| [26836] Limbo CMS 1.0.4 .2 index.php _SERVER[REMOTE_ADDR] Parameter XSS
2442| [26776] Sights 'N Sounds Streaming Media Server 2.0.3 SWS.EXE Buffer Overflow Vulnerability
2443| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
2444| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
2445| [26536] qualcomm worldmail server 3.0 - Directory Traversal vulnerability
2446| [26520] Static HTTP Server 1.0 - SEH Overflow
2447| [26495] PCMan's FTP Server 2.0 - Remote Buffer Overflow Exploit
2448| [26488] SAP Web Application Server 6.x/7.0 URI Redirection Vulnerability
2449| [26487] SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS
2450| [26486] SAP Web Application Server 6.x/7.0 Error Page XSS
2451| [26471] PCMan's FTP Server 2.0.7 - Buffer Overflow Exploit
2452| [26460] Asus VideoSecurity Online 3.5 Web Server Authentication Buffer Overflow Vulnerability
2453| [26450] Baby FTP Server 1.24 - Denial of Service
2454| [26401] TRENDnet TE100-P1U Print Server Firmware 4.11 Authentication Bypass Vulnerability
2455| [26393] phpMyAdmin 2.x server_databases.php XSS
2456| [26376] Xerver 4.17 Server URI Null Character XSS
2457| [26318] TP-Link Print Server TL PS110U - Sensitive Information Enumeration
2458| [26313] Merak Mail Server 8.2.4 r Arbitrary File Deletion Vulnerability
2459| [26255] Mail-it Now! Upload2Server 1.5 - Arbitrary File Upload Vulnerability
2460| [26210] bfcommand & control server 1.22/2.0/2.14 manager Multiple Vulnerabilities
2461| [26152] Apple Mac OS X 10.4 Weblog Server Cross-Site Scripting Vulnerabilities
2462| [26137] Syslog Server 1.2.3 - Crash PoC
2463| [26133] Sami FTP Server 2.0.1 - RETR Denial of Service
2464| [26100] Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
2465| [26073] Resin Application Server 4.0.36 Source Code Disclosure Vulnerability
2466| [26071] NetworkActiv Web Server 1.0/2.0/3.0/3.5 Cross-Site Scripting Vulnerability
2467| [26024] sap internet graphics server 6.40 - Directory Traversal vulnerability
2468| [26010] Quick TFTP Server 2.2 - Denial of Service
2469| [26006] Oracle Reports Server 6.0.8/9.0.x Unauthorized Report Execution Vulnerability
2470| [26005] Alt-N MDaemon 8.0 IMAP Server CREATE Remote Buffer Overflow Vulnerability
2471| [26004] Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
2472| [26003] Oracle Reports Server 6.0.8/9.0.x Arbitrary File Disclosure Vulnerability
2473| [26002] Oracle Reports Server 6.0.8/9.0.x XML File Disclosure Vulnerability
2474| [25988] Oracle9i Application Server 9.0.2 MOD_ORADAV Access Control Vulnerability
2475| [25986] Plesk Apache Zeroday Remote Exploit
2476| [25980] Apache Struts includeParams Remote Code Execution
2477| [25976] DS3 Authentication Server - Multiple Vulnerabilities
2478| [25974] Mac OSX Server DirectoryService Buffer Overflow
2479| [25961] SoftiaCom WMailserver 1.0 - Local Information Disclosure Vulnerability
2480| [25936] PlanetDNS PlanetFileServer Remote Buffer Overflow Vulnerability
2481| [25932] EasyPHPCalendar 6.1.5/6.2.x setupSQL.php serverPath Parameter Remote File Inclusion
2482| [25931] EasyPHPCalendar 6.1.5/6.2.x datePicker.php serverPath Parameter Remote File Inclusion
2483| [25930] EasyPHPCalendar 6.1.5/6.2.x header.inc.php serverPath Parameter Remote File Inclusion
2484| [25929] EasyPHPCalendar 6.1.5/6.2.x popup.php serverPath Parameter Remote File Inclusion
2485| [25928] EasyPHPCalendar 6.1.5/6.2.x calendar.php serverPath Parameter Remote File Inclusion
2486| [25910] Community Server Forums 'SearchResults.aspx' Cross-Site Scripting Vulnerability
2487| [25851] Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow
2488| [25836] Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
2489| [25787] LiteWeb Server 2.5 Authentication Bypass Vulnerability
2490| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
2491| [25755] serverscheck 5.9/5.10 - Directory Traversal vulnerability
2492| [25708] Clever's Games Terminator 3: War of the Machines 1.16 Server Buffer Overflow Vulnerability
2493| [25699] Gearbox Software Halo Game Server 1.06/1.07 Infinite Loop Denial of Service Vulnerability
2494| [25696] Sambar Server 5.x/6.0/6.1 Server Referer XSS
2495| [25695] Sambar Server 5.x/6.0/6.1 logout RCredirect XSS
2496| [25694] Sambar Server 5.x/6.0/6.1 results.stm indexname XSS
2497| [25680] War Times Remote Game Server Denial of Service Vulnerability
2498| [25646] MyServer 0.8 Cross-Site Scripting Vulnerability
2499| [25631] Orenosv HTTP/FTP Server 0.8.1 CGISSI.EXE Remote Buffer Overflow Vulnerability
2500| [25629] Orenosv HTTP/FTP Server 0.8.1 FTP Commands Remote Buffer Overflow Vulnerability
2501| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
2502| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
2503| [25584] Mtp-Target Server 1.2.2 Memory Corruption Vulnerability
2504| [25573] Video Cam Server 1.0 Administrative Interface Authentication Bypass Vulnerability
2505| [25572] Video Cam Server 1.0 Path Disclosure Vulnerability
2506| [25571] video cam server 1.0 - Directory Traversal vulnerability
2507| [25563] Oracle Application Server 9i Webcache PartialPageErrorPage Cross-Site Scripting Vulnerability
2508| [25562] Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
2509| [25561] Oracle Application Server 9i Webcache Arbitrary File Corruption Vulnerability
2510| [25559] Oracle Application Server 9.0 HTTP Service Mod_Access Restriction Bypass Vulnerability
2511| [25546] BEA WebLogic Server 8.1 And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
2512| [25420] IBM WebSphere 5.0/5.1/6.0 Application Server Web Server Root JSP Source Code Disclosure Vulnerability
2513| [25418] MiniWeb MiniWeb HTTP Server (build 300) - Crash PoC
2514| [25353] IBM Lotus Domino Server 6.5.1 Web Service Remote Denial of Service Vulnerability
2515| [25335] IBM iSeries AS400 LDAP Server Remote Information Disclosure Vulnerability
2516| [25333] SCO OpenServer 5.0.6/5.0.7 NWPrint Command Line Argument Local Buffer Overflow Vulnerability
2517| [25319] FastStone 4in1 Browser 1.2 Web Server Remote Directory Traversal Vulnerability
2518| [25269] Oracle Reports Server 10g Multiple Remote Cross-Site Scripting Vulnerabilities
2519| [25219] Spinworks Application Server 3.0 - Remote Denial of Service Vulnerability
2520| [25218] PlatinumFTPServer 1.0.18 Multiple Malformed User Name Connection Denial of Service Vulnerability
2521| [25207] py software active webcam webserver 4.3/5.5 - Multiple Vulnerabilities
2522| [25171] MercurySteam Scrapland Game Server 1.0 - Remote Denial of Service Vulnerabilities
2523| [25163] CIS WebServer 3.5.13 Remote Directory Traversal Vulnerability
2524| [25152] phpMyAdmin 2.6 select_server.lib.php Multiple Parameter XSS
2525| [25144] sd server 4.0.70 - Directory Traversal vulnerability
2526| [25132] Bontago Game Server 1.1 - Remote Nickname Buffer Overrun Vulnerability
2527| [25082] Linksys PSUS4 PrintServer Malformed HTTP POST Request Denial of Service
2528| [25075] Eternal Lines Web Server 1.0 - Remote Denial of Service Vulnerability
2529| [25065] Magic Winmail Server 4.0 (Build 1112) upload.php Traversal Arbitrary File Upload
2530| [25064] Magic Winmail Server 4.0 (Build 1112) download.php Traversal Arbitrary File Access
2531| [24968] Mikrotik Syslog Server for Windows 1.15 - Denial of Service
2532| [24964] Oracle WebCenter Sites Satellite Server - HTTP Header Injection
2533| [24958] MinaliC Webserver 2.0.0 - Buffer Overflow
2534| [24952] AT-TFTP Server 2.0 - Stack Based Buffer Overflow DoS
2535| [24950] KNet Web Server 1.04b - Stack Corruption BoF
2536| [24943] BigAnt Server 2.97 - DDNF Username Buffer Overflow
2537| [24940] Sysax Multi Server 6.10 - SSH Denial of Service
2538| [24897] KNet Web Server 1.04b - Buffer Overflow SEH
2539| [24890] ActFax 5.01 RAW Server Buffer Overflow
2540| [24875] Sami FTP Server LIST Command Buffer Overflow
2541| [24874] Apache Struts ParametersInterceptor Remote Code Execution
2542| [24838] Active Server Corner ASP Calendar 1.0 Administrative Access Vulnerability
2543| [24805] MySQL MaxDB 7.5 WAHTTP Server Remote Denial of Service Vulnerability
2544| [24801] KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability
2545| [24800] Microsoft Internet Explorer 5.0.1 FTP URI Arbitrary FTP Server Command Execution Vulnerability
2546| [24793] JanaServer 2 Multiple Remote Denial of Service Vulnerabilities
2547| [24791] Open-Xchange Server 6 - Multiple Vulnerabilities
2548| [24770] Jabber Server 2.0 - Multiple Remote Buffer Overflow Vulnerabilities
2549| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
2550| [24738] AlShare Software NetNote Server 2.2 - Remote Denial of Service Vulnerability
2551| [24730] 04webserver 1.42 Multiple Vulnerabilities
2552| [24710] id software quake ii server 3.2 - Multiple Vulnerabilities
2553| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
2554| [24684] Yak! Chat Client 2.x FTP Server Directory Traversal Vulnerability
2555| [24668] Jera Technology Flash Messaging Server 5.2 - Remote Denial of Service Vulnerability
2556| [24640] Microsoft SQL Server 7.0 - Remote Denial of Service Vulnerability (2)
2557| [24639] Microsoft SQL Server 7.0 - Remote Denial of Service Vulnerability (1)
2558| [24624] Alt-N MDaemon 6.5.1 SMTP Server Multiple Command Remote Overflow
2559| [24619] EmuLive Server4 Authentication Bypass And Denial of Service Vulnerabilities
2560| [24600] myserver 0.7 - Directory Traversal vulnerability
2561| [24591] PerlDesk Language Variable Server-Side Script Execution Vulnerability
2562| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
2563| [24586] Gearbox Software Halo Combat Evolved 1.x Game Server Remote Denial of Service Vulnerability
2564| [24573] Keene Digital Media Server 1.0.2 Cross-Site Scripting Vulnerabilities
2565| [24567] Oracle Database Server 8.1.7/9.0.x ctxsys.driload Access Validation Vulnerability
2566| [24557] Sami FTP Server 2.0.1 LIST Command Buffer Overflow
2567| [24528] BigAnt Server DUPF Command Arbitrary File Upload
2568| [24527] BigAnt Server 2 SCH And DUPF Buffer Overflow
2569| [24511] SAP Netweaver Message Server Multiple Vulnerabilities
2570| [24467] ActFax 5.01 RAW Server Exploit
2571| [24423] Cerbere Proxy Server 1.2 Long Host Header Field Remote Denial of Service Vulnerability
2572| [24419] Xedus Web Server 1.0 Traversal Arbitrary File Access
2573| [24418] Xedus Web Server 1.0 testgetrequest.x username Parameter XSS
2574| [24417] Xedus Web Server 1.0 test.x username Parameter XSS
2575| [24416] Ipswitch WS_FTP Server 5.0.x CD Command Malformed File Path Remote Denial of Service Vulnerability
2576| [24414] keene digital media server 1.0.2 - Directory Traversal variant vulnerability
2577| [24412] RealVNC Server 4.0 - Remote Denial of Service Vulnerability
2578| [24402] Axis Network Camera 2.x And Video Server 1-3 HTTP Authentication Bypass
2579| [24401] axis network camera 2.x and video server 1-3 - Directory Traversal vulnerability
2580| [24400] Axis Network Camera 2.x And Video Server 1-3 virtualinput.cgi Arbitrary Command Execution
2581| [24390] Mantis 0.19 Remote Server-Side Script Execution Vulnerability
2582| [24388] aGSM 2.35 Half-Life Server Info Response Buffer Overflow Vulnerability
2583| [24383] Gallery 1.4.4 - Remote Server-Side Script Execution Vulnerability
2584| [24382] Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection
2585| [24381] Merak Mail Server 7.4.5 address.html Path Disclosure
2586| [24380] Merak Mail Server 7.4.5 HTML Message Body XSS
2587| [24379] Merak Mail Server 7.4.5 attachment.html attachmentpage_text_error Parameter XSS
2588| [24378] Merak Mail Server 7.4.5 settings.html Multiple Parameter XSS
2589| [24377] Merak Mail Server 7.4.5 address.html Multiple Parameter XSS
2590| [24374] Ipswitch IMail Server 7/8 Weak Password Encryption Weakness
2591| [24359] YaPiG 0.92 Remote Server-Side Script Execution Vulnerability
2592| [24345] IBM Tivoli Directory Server 3.2.2/4.1 LDACGI Directory Traversal Vulnerability
2593| [24337] myServer 0.6.2 math_sum.mscgi Multiple Parameter Remote Overflow
2594| [24336] myServer 0.6.2 math_sum.mscgi Multiple Parameter XSS
2595| [24310] ZoneMinder Video Server packageControl Command Execution
2596| [24305] PSCS VPOP3 2.0 Email Server Remote Denial of Service Vulnerability
2597| [24304] Imatix Xitami 2.5 Server Side Includes Cross-Site Scripting Vulnerability
2598| [24286] Gattaca Server 2003 Cross-Site Scripting Vulnerability
2599| [24285] Gattaca Server 2003 Language Variable Path Exposure
2600| [24284] Gattaca Server 2003 Null Byte Path Disclosure
2601| [24283] Gattaca Server 2003 POP3 DoS
2602| [24282] Gattaca Server 2003 web.tmpl Language Variable CPU Consumption DoS
2603| [24281] Microsoft Systems Management Server 1.2/2.0 - Remote Denial of Service Vulnerability
2604| [24268] Code-Crafters Ability Mail Server 1.18 errormsg Parameter XSS
2605| [24253] 12Planet Chat Server 2.9 Cross-Site Scripting Vulnerability
2606| [24252] fastream netfile ftp/web server 6.5/6.7 - Directory Traversal vulnerability
2607| [24248] IBM WebSphere Caching Proxy Server 5.0 2 Denial of Service Vulnerability
2608| [24247] Easy Chat Server 1.x Multiple Denial of Service Vulnerabilities
2609| [24243] IBM Lotus Domino Server 6 - Web Access Remote Denial of Service Vulnerability
2610| [24210] HP-UX 7-11 Local X Font Server Buffer Overflow Vulnerability
2611| [24195] WinAgents TFTP Server 3.0 - Remote Buffer Overrun Vulnerability
2612| [24163] Sambar Server 6.1 beta 2 showini.asp Arbitrary File Access
2613| [24162] Sambar Server 6.1 beta 2 showperf.asp title Parameter XSS
2614| [24161] Sambar Server 6.1 beta 2 show.asp show Parameter XSS
2615| [24150] MollenSoft Lightweight FTP Server 3.6 - Remote Buffer Overflow Vulnerability
2616| [24148] Sun Java System Application Server 7.0/8.0 - Remote Installation Path Disclosure Vulnerability
2617| [24147] Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (3)
2618| [24146] Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (2)
2619| [24145] Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (1)
2620| [24144] MiniShare Server 1.3.2 - Remote Denial of Service Vulnerability
2621| [24142] MollenSoft Lightweight FTP Server 3.6 - Remote Denial of Service Vulnerability
2622| [24122] TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
2623| [24111] Serva 2.0.0 - HTTP Server GET Remote Denial of Service Vulnerability
2624| [24110] Serva 2.0.0 - DNS Server QueryName Remote Denial of Service Vulnerability
2625| [24103] MailEnable Mail Server HTTPMail 1.x Remote Heap Overflow Vulnerability
2626| [24097] MyWeb HTTP Server 3.3 GET Request Buffer Overflow Vulnerability
2627| [24080] Titan FTP Server 3.0 LIST Denial of Service Vulnerability
2628| [24066] DiGi WWW Server 1 Remote Denial of Service Vulnerability
2629| [24029] RhinoSoft Serv-U FTP Server 3.x/4.x/5.0 LIST Parameter Buffer Overflow Vulnerability
2630| [24010] Real Networks Helix Universal Server 9.0.x Denial of Service Vulnerability
2631| [23943] Crackalaka IRC Server 1.0.8 - Remote Denial of Service Vulnerability
2632| [23942] 1st Class Mail Server 4.0 1 list.tagz XSS
2633| [23941] 1st Class Mail Server 4.0 1 advanced.tagz XSS
2634| [23940] 1st Class Mail Server 4.0 1 general.tagz XSS
2635| [23939] 1st Class Mail Server 4.0 1 members.tagz XSS
2636| [23938] 1st Class Mail Server 4.0 1 Index XSS
2637| [23937] 1st Class Mail Server 4.0 1 viewmail.tagz XSS
2638| [23914] Floosietek FTGate Mail Server 1.2 Path Disclosure Vulnerability
2639| [23913] Floosietek FTGate Mail Server 1.2 index.fts folder Parameter XSS
2640| [23904] Roger Wilco Server 1.4.1 Unauthorized Audio Stream Denial of Service Vulnerability
2641| [23902] Roger Wilco Server 1.4.1 UDP Datagram Handling Denial of Service Vulnerability
2642| [23897] LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
2643| [23886] simple webserver 2.3-rc1 - Directory Traversal
2644| [23877] NexGen FTP Server 1.0/2.x Remote Directory Traversal Vulnerability
2645| [23871] Centrinity FirstClass HTTP Server 5/7 TargetName Parameter Cross-Site Scripting Vulnerability
2646| [23842] WFTPD Server GUI 3.21 Remote Denial of Service Vulnerability
2647| [23839] GlobalSCAPE Secure FTP Server 2.0 Build 03.11.2004.2 SITE Command Remote Buffer Overflow Vulnerability
2648| [23803] Pegasi Web Server 0.2.2 Error Page XSS
2649| [23802] Pegasi Web Server 0.2.2 Arbitrary File Access
2650| [23799] Epic Games Unreal Tournament Server 436.0 Engine Remote Format String Vulnerability
2651| [23794] PWebServer 0.3.x Remote Directory Traversal Vulnerability
2652| [23787] 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow Vulnerability
2653| [23769] argosoft ftp server 1.0/1.2/1.4 - Multiple Vulnerabilities
2654| [23763] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (4)
2655| [23762] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (3)
2656| [23761] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (2)
2657| [23760] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (1)
2658| [23758] gweb http server 0.5/0.6 - Directory Traversal vulnerability
2659| [23756] Seyeon Technology FlexWATCH Server 2.2 Cross-Site Scripting Vulnerability
2660| [23753] Working Resources BadBlue Server 2.40 phptest.php Path Disclosure Vulnerability
2661| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
2662| [23750] RobotFTP Server 1.0/2.0 - Remote Pre-authenticated Command Denial of Service Vulnerability
2663| [23731] TYPSoft FTP Server 1.1 - Remote CPU Consumption Denial of Service Vulnerability
2664| [23715] TransSoft Broker FTP Server 6.1 - Denial of Service Vulnerabilities
2665| [23714] KarjaSoft Sami HTTP Server 1.0.4 GET Request Buffer Overflow Vulnerability
2666| [23713] Vizer Web Server 1.9.1 - Remote Denial of Service Vulnerability
2667| [23709] RobotFTP Server 1.0/2.0 Username Buffer Overflow Vulnerability (2)
2668| [23708] RobotFTP Server 1.0/2.0 Username Buffer Overflow Vulnerability (1)
2669| [23701] XLight FTP Server 1.52 Remote Send File Request Denial of Service Vulnerability
2670| [23693] Sami FTP Server 1.1.3 - Library Crafted GET Request Remote DoS
2671| [23692] Sami FTP Server 1.1.3 Invalid Command Argument Local DoS
2672| [23689] Crob FTP Server 3.5.2 - Remote Denial of Service Vulnerability
2673| [23665] Shaun2k2 Palmhttpd Server 3.0 - Remote Denial of Service Vulnerability
2674| [23664] Sambar Server 6.0 Results.STM Post Request Buffer Overflow Vulnerability
2675| [23661] BolinTech Dream FTP Server 1.0 User Name Format String Vulnerability (2)
2676| [23660] BolinTech Dream FTP Server 1.0 User Name Format String Vulnerability (1)
2677| [23658] Linux VServer Project 1.2x CHRoot Breakout Vulnerability
2678| [23654] XLight FTP Server 1.x Long Directory Request Remote Denial of Service Vulnerability
2679| [23649] Microsoft SQL Server Database Link Crawling Command Execution
2680| [23648] Web Crossing Web Server 4.0/5.0 Component Remote Denial of Service Vulnerability
2681| [23635] Niti Telecom Caravan Business Server 2.00-03D Remote Directory Traversal Vulnerability
2682| [23633] Crob FTP Server 3.5.1 - Denial of Service Vulnerability
2683| [23632] Crob FTP Server 3.5.1 - Remote Information Disclosure Vulnerability
2684| [23610] IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (2)
2685| [23609] IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (1)
2686| [23603] herberlin bremsserver 1.2.4/3.0 - Directory Traversal vulnerability
2687| [23600] Herberlin BremsServer 1.2.4 Cross-Site Scripting Vulnerability
2688| [23597] borland web server for corel paradox 1.0 b3 - Directory Traversal vulnerability
2689| [23596] TinyServer 1.1 Cross-site scripting
2690| [23595] TinyServer 1.1 - Denial of Service
2691| [23594] tinyserver 1.1 - Directory Traversal
2692| [23593] Oracle HTTP Server 8.1.7/9.0.1/9.2 isqlplus Cross-Site Scripting Vulnerability
2693| [23592] RhinoSoft Serv-U FTP Server 3/4 MDTM Command Stack Overflow Vulnerability (2)
2694| [23591] RhinoSoft Serv-U FTP Server 3/4 MDTM Command Stack Overflow Vulnerability (1)
2695| [23590] Reptile Web Server Reptile Web Server 20020105 Denial of Service Vulnerability
2696| [23589] Novell Netware Enterprise Web Server 5.1/6.0 - Multiple XSS Vulnerabilities
2697| [23588] Novell Netware Enterprise Web Server 5.1/6.0 SnoopServlet Information Disclosure
2698| [23587] Novell Netware Enterprise Web Server 5.1/6.0 snoop.jsp Information Disclosure
2699| [23586] Novell Netware Enterprise Web Server 5.1/6.0 env.bas Information Disclosure
2700| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
2701| [23574] FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference
2702| [23560] anteco visual technologies ownserver 1.0 - Directory Traversal vulnerability
2703| [23557] aiptek netcam webserver 0.93.15 - Directory Traversal vulnerability
2704| [23556] GetWare Web Server Component Content-Length Value Remote Denial of Service Vulnerability
2705| [23555] GoAhead WebServer 2.1.x Directory Management Policy Bypass Vulnerability
2706| [23551] MetaDot Portal Server 5.6.x userchannel.pl op Parameter XSS
2707| [23550] MetaDot Portal Server 5.6.x index.pl Multiple Parameter XSS
2708| [23549] MetaDot Portal Server 5.6.x index.pl Information Disclosure
2709| [23548] MetaDot Portal Server 5.6.x index.pl Multiple Parameter SQL Injection
2710| [23544] vicomsoft rapidcache server 2.0/2.2.6 - Directory Traversal vulnerability
2711| [23543] Vicomsoft RapidCache Server 2.0/2.2.6 Host Argument Denial of Service Vulnerability
2712| [23539] Mabry Software FTPServer/X 1.0 Controls Format String Vulnerability
2713| [23533] Accipiter DirectServer 6.0 - Remote File Disclosure Vulnerability
2714| [23531] HD Soft Windows FTP Server 1.5/1.6 Username Format String Vulnerability
2715| [23530] Kroum Grigorov KpyM Telnet Server 1.0 - Remote Denial of Service Vulnerability
2716| [23514] Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server Buffer Overflow Vulnerability
2717| [23506] GoodTech Telnet Server 4.0 - Remote Denial of Service Vulnerability
2718| [23505] Apple MacOS X 10.x SecurityServer Daemon Local Denial of Service Vulnerability
2719| [23493] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (3)
2720| [23492] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (2)
2721| [23491] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (1)
2722| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
2723| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
2724| [23472] Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
2725| [23468] Xlight FTP Server 1.25/1.41 PASS Command Remote Buffer Overflow Vulnerability
2726| [23461] dcam webcam server personal web server 8.2.5 - Directory Traversal vulnerability
2727| [23451] PY Software Active Webcam 4.3 Webserver Cross-Site Scripting Vulnerability
2728| [23450] PY Software Active Webcam 4.3 Webserver Directory Traversal Vulnerability
2729| [23449] Xerox MicroServer Web Server Remote Directory Traversal Vulnerability
2730| [23446] GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability
2731| [23440] elektropost episerver 3/4 - Multiple Vulnerabilities
2732| [23439] MVDSV 0.165 b/0.171 Quake Server Download Buffer Overrun Vulnerability
2733| [23437] DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (3)
2734| [23436] DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (2)
2735| [23435] DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (1)
2736| [23429] Mambo Open Source 4.0.14 Server SQL Injection Vulnerability
2737| [23428] Mambo 4.5 Server user.php Script Unauthorized Access Vulnerability
2738| [23419] Abyss Web Server 1.0/1.1 Authentication Bypass Vulnerability
2739| [23410] IBM Directory Server 4.1 Web Administration Interface Cross-Site Scripting Vulnerability
2740| [23396] SIRCD Server 0.5.2/0.5.3 Operator Privilege Escalation Vulnerability
2741| [23390] EffectOffice Server 2.6 - Remote Service Buffer Overflow Vulnerability
2742| [23388] Valve Software Half-Life Dedicated Server 3.1/4.1 Information Disclosure/DOS Vulnerability
2743| [23387] netserve web server 1.0.7 - Directory Traversal vulnerability
2744| [23370] ncube server manager 1.0 - Directory Traversal vulnerability
2745| [23366] Epic 1.0.1/1.0.x CTCP Nickname Server Message Buffer Overrun Vulnerability
2746| [23365] telcondex simplewebserver 2.13.31027 build 3289 - Directory Traversal vulnerability
2747| [23362] Centreon Enterprise Server 2.3.3-2.3.9-4 - Blind SQL Injection Exploit
2748| [23334] IA WebMail Server 3.0/3.1 Long GET Request Buffer Overrun Vulnerability
2749| [23318] Ashley Brown iWeb Server Encoded Backslash Directory Traversal Vulnerability
2750| [23317] Seyeon FlexWATCH Network Video Server 2.2 Unauthorized Administrative Access Vulnerability
2751| [23310] TelCondex SimpleWebserver 2.12.30210 build 3285 HTTP Referer Remote Buffer Overflow Vulnerability
2752| [23309] Centrinity FirstClass 7.1 HTTP Server Directory Disclosure Vulnerability
2753| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
2754| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
2755| [23271] PSCS VPOP3 2.0 Email Server WebAdmin Cross-Site Scripting Vulnerability
2756| [23267] Atrium Software Mercur Mailserver 3.3/4.0/4.2 IMAP AUTH Remote Buffer Overflow Vulnerability
2757| [23266] Dansie Shopping Cart Server Error Message Installation Path Disclosure Vulnerability
2758| [23263] Opera 7.11/7.20 HREF Malformed Server Name Heap Corruption Vulnerability
2759| [23258] Oracle Database Server 9.0.x Oracle Binary Local Buffer Overflow Vulnerability
2760| [23257] Bajie HTTP Server 0.95 Example Scripts And Servlets Cross-Site Scripting Vulnerability
2761| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
2762| [23243] Free Float FTP Server USER Command Buffer Overflow
2763| [23242] WinSyslog Interactive Syslog Server 4.21/ long Message Remote Denial of Service Vulnerability
2764| [23234] Centrinity FirstClass 5.50/5.77/7.0/7.1 - HTTP Server Long Version Field Denial of Service Vulnerability
2765| [23226] FreeFloat FTP Server Arbitrary File Upload
2766| [23222] File Sharing Software Easy File Sharing Web Server 1.2 Information Disclosure Vulnerability
2767| [23217] Divine Content Server 5.0 Error Page Cross-Site Scripting Vulnerability
2768| [23197] Mah-Jong 1.4 MJ-Player Server Flag Local Buffer Overflow Vulnerability
2769| [23191] Savant Web Server 3.1 Page Redirect Denial of Service Vulnerability
2770| [23178] Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution
2771| [23166] Plug And Play Web Server 1.0 002c FTP Service Command Handler Buffer Overflow Vulnerabilities
2772| [23160] Mambo Site Server 4.0.14 contact.php Unauthorized Mail Relay
2773| [23159] Mambo Site Server 4.0.14 emailarticle.php id Parameter SQL Injection
2774| [23158] Mambo Site Server 4.0.14 banners.php bid Parameter SQL Injection
2775| [23157] Plug and Play Web Server 1.0 002c Directory Traversal Vulnerability
2776| [23146] Alt-N MDaemon Server 2.71 SP1 SMTP HELO Argument Buffer Overflow Vulnerability
2777| [23145] Ipswitch Imail Server 5.0 SMTP HELO Argument Buffer Overflow Vulnerability
2778| [23143] SCO OpenServer 5.0.x 'mana' PATH_INFO Privilege Escalation Vulnerability
2779| [23141] SCO OpenServer 5.0.x 'mana' REMOTE_ADDR Authentication Bypass Vulnerability
2780| [23139] myServer 0.4.x cgi-lib.dll Remote Buffer Overflow Vulnerability
2781| [23136] futurewave webx server 1.1 - Directory Traversal vulnerability
2782| [23123] Roger Wilco 1.4.1 - Remote Server Side Buffer Overrun Vulnerability
2783| [23121] Kukol E.V. HTTP & FTP Server Suite 6.2 File Disclosure Vulnerability
2784| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
2785| [23118] FTP Desktop 3.5 FTP 331 Server Response Buffer Overflow Vulnerability
2786| [23116] Mah-Jong 1.4/1.6 Server Remote Denial of Service Vulnerability
2787| [23115] Mah-Jong 1.4 Client/Server Remote sscanf() Buffer Overflow Vulnerability
2788| [23113] Microsoft Exchange Server 4.0/5.0 SMTP HELO Argument Buffer Overflow Vulnerability
2789| [23100] Ipswitch WS_FTP Server 3.4/4.0 FTP Command Buffer Overrun Vulnerabilities
2790| [23092] FloosieTek FTGatePro 1.22 Mail Server Cross-Site Scripting Vulnerability
2791| [23091] FloosieTek FTGatePro 1.22 Mail Server Path Disclosure Vulnerability
2792| [23071] SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Cross Site Scripting Vulnerability
2793| [23070] sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal file disclosure vulnerability
2794| [23069] SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability
2795| [23045] ViRobot Linux Server 2.0 - Local Vulnerabilities
2796| [23042] Cerberus FTPServer 1.71/2.1/2.32 Remote Denial of Service Vulnerability
2797| [23038] eMule 0.2x Client OP_SERVERIDENT Heap Overflow Vulnerability
2798| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
2799| [23002] MDaemon SMTP Server 5.0.5 Null Password Authentication Vulnerability
2800| [22999] Meteor FTP Server 1.2/1.5 USER Memory Corruption Vulnerability
2801| [22994] Sun One 5.1,IPlanet 5.0/5.1 Administration Server Directory Traversal Vulnerability
2802| [22969] Valve Software Half-Life Server 3.1.1.0 - Multiplayer Request Buffer Overflow
2803| [22968] Valve Software Half-Life Server <= 1.1.1.0 , 3.1.1.1c1 and 4.1.1.1a Multiplayer Request Buffer Overflow
2804| [22957] Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial of Service Vulnerability
2805| [22949] Novell Netware Enterprise Web Server 5.1/6.0 CGI2Perl.NLM Buffer Overflow Vulnerability
2806| [22945] Savant Webserver 3.1 - Denial of Service Vulnerabilities
2807| [22944] Savant Web Server 3.1 CGITest.HTML Cross Site Scripting Vulnerability
2808| [22926] Witango Server 5.0.1 .061 Remote Cookie Buffer Overflow Vulnerability
2809| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
2810| [22909] NetSuite 1.0/1.2 HTTP Server Directory Traversal Vulnerability
2811| [22900] StarSiege Tribes Server Denial of Service Vulnerability (2)
2812| [22899] StarSiege Tribes Server Denial of Service Vulnerability (1)
2813| [22897] Twilight WebServer 1.3.3 .0 GET Request Buffer Overflow Vulnerability
2814| [22892] Mabry Software HTTPServer/X 1.0 0.047 File Disclosure Vulnerability
2815| [22886] ChangshinSoft EZTrans Server Download.PHP Directory Traversal Vulnerability
2816| [22881] PHP Server Monitor Stored XSS
2817| [22875] MyServer 0.4.2 Malformed URI Denial of Service Vulnerability
2818| [22859] Axis Print Server 6.15/6.20 Web Interface Denial of Service Vulnerability
2819| [22825] Armida Databased Web Server 1.0 - Remote GET Request Denial of Service Vulnerability
2820| [22817] MyServer 0.4.1 - Remote Denial of Service Vulnerability
2821| [22804] Kerio MailServer 5.6.3 Web Mail DO_MAP Module Cross-Site Scripting Vulnerability
2822| [22803] Kerio Mailserver 5.6.3 do_map Module Overflow
2823| [22802] Kerio Mailserver 5.6.3 list Module Overflow
2824| [22801] Kerio Mailserver 5.6.3 add_acl Module Overflow
2825| [22800] Kerio Mailserver 5.6.3 subscribe Module Overflow
2826| [22799] Kerio MailServer 5.6.3 Web Mail ADD_ACL Module Cross-Site Scripting Vulnerability
2827| [22795] MiniHTTPServer WebForums Server 1.x/2.0 - Remote Directory Traversal Vulnerability
2828| [22794] Proxomitron Proxy Server Long Get Request Remote Denial of Service Vulnerability
2829| [22785] MyServer 0.4.1/0.4.2 HTTP Server Directory Traversal Vulnerability
2830| [22775] FreeWnn 1.1.1 JServer Logging Option Data Corruption Vulnerability
2831| [22774] myServer 0.4.1 Signal Handling Denial of Service Vulnerability
2832| [22769] Methodus 3 Web Server File Disclosure Vulnerability
2833| [22758] silentthought simple web server 1.0 - Directory Traversal vulnerability
2834| [22757] ArGoSoft Mail Server 1.8.3 .5 - Multiple GET Requests Denial of Service Vulnerability
2835| [22755] Aiglon Web Server 2.0 Installation Path Information Disclosure Weakness
2836| [22706] Crob FTP Server 2.50.4 - Remote Username Format String Vulnerability
2837| [22701] MyServer 0.5 HTTP GET Argument Buffer Overflow Vulnerability
2838| [22700] MyServer 0.4.3 HTTP GET Argument Buffer Overflow Vulnerability
2839| [22692] Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability
2840| [22691] pablo software solutions baby ftp server 1.2 - Directory Traversal vulnerability
2841| [22668] BaSoMail 1.24 SMTP Server Command Buffer Overflow Vulnerability
2842| [22667] BaSoMail 1.24 POP3 Server Denial of Service Vulnerability
2843| [22666] Softrex Tornado WWW-Server 1.2 - Buffer Overflow Vulnerability
2844| [22665] Sun ONE Application Server 7.0 Error Message Cross-Site Scripting Vulnerability
2845| [22664] Sun ONE Application Server 7.0 Source Disclosure Vulnerability
2846| [22662] iPlanet Messaging Server 5.0/5.1 HTML Attachment Cross Site Scripting Vulnerability
2847| [22635] Magic Winmail Server 2.3 USER POP3 Command Format String Vulnerability
2848| [22629] Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module Integer Overflow Vulnerability
2849| [22615] Maelstrom Server 3.0.x Argument Buffer Overflow Vulnerability (3)
2850| [22614] Maelstrom Server 3.0.x Argument Buffer Overflow Vulnerability (2)
2851| [22613] Maelstrom Server 3.0.x Argument Buffer Overflow Vulnerability (1)
2852| [22611] Netscape Enterprise Server 3.x/4.x PageServices Information Disclosure Vulnerability
2853| [22610] Snowblind Web Server 1.0/1.1 HTTP GET Request Buffer Overflow Vulnerability
2854| [22609] Snowblind 1.0/1.1 Web Server File Disclosure Vulnerability
2855| [22608] Snowblind Web Server 1.0/1.1 Malformed HTTP Request Denial of Service Vulnerability
2856| [22582] Youngzsoft CMailServer 4.0 RCPT TO Buffer Overflow Vulnerability
2857| [22581] Youngzsoft CMailServer 4.0 MAIL FROM Buffer Overflow Vulnerability
2858| [22580] Firebird 1.0 GDS_Inet_Server Interbase Environment Variable Buffer Overflow Vulnerability
2859| [22576] Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 Buffer Overrun Vulnerability
2860| [22556] MDG Web Server 4D 3.6 HTTP Command Buffer Overflow Vulnerability
2861| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
2862| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
2863| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
2864| [22549] AVerCaster Pro RS3400 Web Server Directory Traversal
2865| [22527] Xeneo Web Server 2.2.10 Undisclosed Buffer Overflow Vulnerability
2866| [22516] Xeneo Web Server 2.2.9 - Denial of Service Vulnerability
2867| [22506] EZ Server 1.0 File Disclosure Vulnerability
2868| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
2869| [22504] Cerberus FTP Server 2.1 Information Disclosure Weakness
2870| [22503] TW-WebServer 1.0 - Denial of Service Vulnerability (2)
2871| [22502] TW-WebServer 1.0 - Denial of Service Vulnerability (1)
2872| [22497] 12Planet Chat Server 2.5 Error Message Installation Path Disclosure Vulnerability
2873| [22496] Python 2.2/2.3 Documentation Server Error Page Cross-Site Scripting Vulnerability
2874| [22472] Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability
2875| [22466] BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit (ASLR + DEP bypass)
2876| [22465] Sysax FTP Automation Server 5.33 Local Privilege Escalation
2877| [22460] Abyss Web Server 1.1.2 Incomplete HTTP Request Denial of Service Vulnerability
2878| [22446] EZ Server 1.0 Long Argument Local Denial of Service Vulnerability
2879| [22434] Sambar Server 5.x Information Disclosure Vulnerability
2880| [22382] Mambo Site Server 4.0.10 index.php Cross Site Scripting Vulnerability
2881| [22379] PXE Server 2.0 - Remote Buffer Overrun Vulnerability
2882| [22356] Samba SMB 2.2.x,CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow Vulnerability
2883| [22351] Freefloat FTP Server PUT Command Buffer Overflow
2884| [22312] Apple QuickTime/Darwin Streaming Server 4.1.x parse_xml.cgi File Disclosure Vulnerability
2885| [22311] Axis Communications Video Server 2.x Command.CGI File Creation Vulnerability
2886| [22302] hMailServer 5.3.3 IMAP Remote Crash PoC
2887| [22296] Axis Communications HTTP Server 2.x Messages Information Disclosure Vulnerability
2888| [22281] Mambo Site Server 4.0.12 RC2 Cookie Validation Vulnerability
2889| [22250] iParty Conferencing Server Denial of Service Vulnerability
2890| [22230] Netscape Enterprise Server 4.1 HTTP Method Name Buffer Overflow Vulnerability
2891| [22221] Electrasoft 32Bit FTP 9.49.1 Client Long Server Banner Buffer Overflow Vulnerability
2892| [22220] ByteCatcher FTP Client 1.0.4 Long Server Banner Buffer Overflow Vulnerability
2893| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
2894| [22185] Sambar Server 5.x results.stm Cross Site Scripting Vulnerability
2895| [22178] Sun ONE Unified Development Server 5.0 Recursive Document Type Definition Vulnerability
2896| [22161] Turbo FTP Server 1.30.823 PORT Overflow
2897| [22144] Xynph FTP Server 1.0 Relative Path Directory Traversal Vulnerability
2898| [22142] Half-Life 1.1 Client Server Message Format String Vulnerability
2899| [22136] PlatinumFTPServer 1.0.6 Dot-Dot-Slash Directory Traversal Vulnerability
2900| [22113] PlatinumFTPServer 1.0.6 Arbitrary File Deletion Vulnerability
2901| [22112] PlatinumFTPServer 1.0.6 Information Disclosure Vulnerability
2902| [22087] Mambo Site Server 4.0.11 Path Disclosure Vulnerability
2903| [22086] Mambo Site Server 4.0.11 PHPInfo.PHP Information Disclosure Vulnerability
2904| [22081] Mollensoft Software Enceladus Server Suite 3.9 FTP Command Buffer Overflow
2905| [22078] mollensoft software enceladus server suite 2.6.1/3.9 - Directory Traversal
2906| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
2907| [22064] zeroo http server 1.5 - Directory Traversal vulnerability (2)
2908| [22063] zeroo http server 1.5 - Directory Traversal vulnerability (1)
2909| [22044] Web Server Creator Web Portal 0.1 - Remote File Include Vulnerability
2910| [22041] Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities
2911| [22036] XFree86 X11R6 3.3.x Font Server Remote Buffer Overrun Vulnerability
2912| [22023] MailEnable 1.501x Email Server Buffer Overflow Vulnerability
2913| [22021] Lonerunner Zeroo HTTP Server 1.5 - Remote Buffer Overflow Vulnerability
2914| [22018] keyfocus kf web server 1.0.8 - Directory Traversal vulnerability
2915| [22006] Ezhometech EzServer 7.0 - Remote Heap Corruption Vulnerability
2916| [22001] Simple Web Server 0.5.1 File Disclosure Vulnerability
2917| [22000] Zeus Web Server 4.0/4.1 Admin Interface Cross Site Scripting Vulnerability
2918| [21982] Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service Vulnerability
2919| [21981] Monkey HTTP Server 0.4/0.5 Invalid POST Request Denial of Service Vulnerability
2920| [21978] Linksys WAP11 1.3/1.4,D-Link DI-804 4.68/Dl-704 2.56 b5 Embedded HTTP Server DoS Vulnerability
2921| [21973] SmartMail Server 1.0 BETA 10 Oversized Request Denial of Service Vulnerability
2922| [21972] SmartMail Server 2.0 Closed Connection Denial of Service Vulnerability
2923| [21965] Alt-N MDaemon 6.0.x POP Server Buffer Overflow Vulnerability
2924| [21964] solarwinds tftp server standard edition 5.0.55 - Directory Traversal vulnerability
2925| [21963] SolarWinds TFTP Server Standard Edition 5.0.55 Large UDP Packet Vulnerability
2926| [21948] IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability
2927| [21947] IBM Websphere Edge Server 3.6/4.0 Cross Site Scripting Vulnerability
2928| [21944] Cisco CatOS 5.x/6.1/7.3/7.4 CiscoView HTTP Server Buffer Overflow Vulnerability
2929| [21938] TelCondex SimpleWebServer 2.0.6 - Denial of Service Vulnerability
2930| [21935] My Web Server 1.0.1/1.0.2 Long Get Request Denial of Service Vulnerability
2931| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
2932| [21917] BlackIce Server Protection 3.5/BlackICE Defender 2.9 Auto Block DoS Weakness
2933| [21911] Oracle 9i Application Server 9.0.2 Web Cache Administration Tool Denial of Service Vulnerability
2934| [21909] Cooolsoft PowerFTP Server 2.x Remote Denial of Service Vulnerability (3)
2935| [21908] Cooolsoft PowerFTP Server 2.x Remote Denial of Service Vulnerability (2)
2936| [21907] Cooolsoft PowerFTP Server 2.x Remote Denial of Service Vulnerability (1)
2937| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
2938| [21880] Monkey HTTP Server 0.1/0.4/0.5 - Multiple Cross Site Scripting Vulnerabilities
2939| [21866] ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Stored XSS
2940| [21857] Monkey HTTP Server 0.1.4 File Disclosure Vulnerability
2941| [21856] OpenVMS 5.3/6.2/7.x UCX POP Server Arbitrary File Modification Vulnerability
2942| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
2943| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
2944| [21834] phpMyAdmin 3.5.2.2 server_sync.php Backdoor
2945| [21794] Savant Webserver 3.1 File Disclosure Vulnerability
2946| [21792] Savant Webserver 3.1 Malformed Content-Length Denial of Service Vulnerability
2947| [21775] SWS Simple Web Server 0.0.3/0.0.4/0.1 New Line Denial of Service Vulnerability
2948| [21758] Caldera X Server 7.1/8.0 External Program Privileged Invocation Weakness
2949| [21751] Blazix 1.2 Special Character Handling Server Side Script Information Disclosure
2950| [21737] Cyme ChartFX Client Server ActiveX Control Array Indexing Vulnerability
2951| [21735] Abyss Web Server 1.0 Encoded Backslash Directory Traversal Vulnerability
2952| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
2953| [21728] Kerio MailServer 5.0/5.1 Web Mail Multiple Cross Site Scripting Vulnerabilities
2954| [21719] Apache 2.0 Path Disclosure Vulnerability
2955| [21710] MyWebServer 1.0.2 Long HTTP Request HTML Injection Vulnerability
2956| [21709] MyWebServer 1.0.2 Search Request Remote Buffer Overflow Vulnerability
2957| [21707] GoAhead WebServer 2.1 - Remote Arbitrary Command Execution Vulnerability
2958| [21698] BlueFace Falcon Web Server 2.0 Error Message Cross-Site Scripting Vulnerability
2959| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
2960| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
2961| [21692] MS IE 5/6,Konqueror 2.2.2/3.0,Weblogic Server 5/6/7 Invalid X.509 Certificate Chain
2962| [21655] Cisco IOS 11.x TFTP Server Long File Name Buffer Overflow Vulnerability
2963| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
2964| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
2965| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
2966| [21639] VMWare GSX Server 2.0 Authentication Server Buffer Overflow Vulnerability
2967| [21627] Oracle Reports Server 6.0.8/9.0.2 Information Disclosure Vulnerability
2968| [21626] 3.3/4.0/4.2 MERCUR Mailserver Control-Service Buffer Overflow
2969| [21611] Summit Computer Networks Lil' HTTP Server 2.1/2.2 pbcgi.cgi Cross Site Scripting
2970| [21608] GoAhead WebServer 2.1.x Error Page Cross Site Scripting Vulnerability
2971| [21607] GoAhead WebServer 2.1.x URL Encoded Slash Directory Traversal Vulnerability
2972| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
2973| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
2974| [21603] iPlanet Web Server 4.1 Search Component File Disclosure Vulnerability
2975| [21602] icecast server 1.3.12 - Directory Traversal information disclosure vulnerability
2976| [21597] Key Focus KF Web Server 1.0.2 Directory Contents Disclosure Vulnerability
2977| [21593] Epic Games Unreal Tournament Server 436.0 DoS Amplifier Vulnerability
2978| [21591] ArGoSoft 1.8 Mail Server Directory Traversal Vulnerability
2979| [21586] E-Guest 1.1 Server Side Include Arbitrary Command Execution Vulnerability
2980| [21581] Summit Computer Networks Lil' HTTP Server 2 URLCount.CGI HTML Injection Vulnerability
2981| [21577] HP CIFS/9000 Server A.01.05/A.01.06 Buffer Overflow Vulnerability
2982| [21572] Half-Life Server 1.1/3.1 New Player Flood Denial of Service Vulnerability
2983| [21569] MS SQL Server 2000,MS Jet 4.0 Engine Unicode Buffer Overflow Vulnerability
2984| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
2985| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
2986| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
2987| [21542] AnalogX SimpleServer:WWW 1.16 Web Server Buffer Overflow Vulnerability
2988| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
2989| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
2990| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
2991| [21531] Caldera OpenServer 5.0.x XSCO Color Database File Heap Overflow Vulnerability
2992| [21510] MS IE 5/6,MS ISA Server 2000,MS Proxy Server 2.0 Gopher Client Buffer Overflow
2993| [21508] SafeNet Sentinel Keys Server Crash PoC
2994| [21498] Evolvable Shambala Server 4.5 Web Server Denial of Service Vulnerability
2995| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
2996| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
2997| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
2998| [21489] Caldera OpenServer 5.0.5/5.0.6 SCOAdmin Symbolic Link Vulnerability
2999| [21488] Netscape Enterprise Web Server for Netware 4/5 5.0 Information Disclosure
3000| [21482] MIT PGP Public Key Server 0.9.2/0.9.4 Search String Remote Buffer Overflow
3001| [21468] Matu FTP Server 1.13 Buffer Overflow Vulnerability
3002| [21467] YoungZSoft 3.30/4.0 CMailServer Buffer Overflow Vulnerability (2)
3003| [21466] YoungZSoft 3.30/4.0 CMailServer Buffer Overflow Vulnerability (1)
3004| [21450] id Software Quake II Server 3.20/3.21 Remote Information Disclosure Vulnerability
3005| [21445] Critical Path InJoin Directory Server 4.0 File Disclosure Vulnerability
3006| [21444] Critical Path InJoin Directory Server 4.0 Cross-Site Scripting Vulnerability
3007| [21432] BEA Systems WebLogic Server and Express 7.0 Null Character DoS
3008| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
3009| [21411] vqServer 1.9.x CGI Demo Program Script Injection Vulnerability
3010| [21390] Sambar Server 5.1 Script Source Disclosure Vulnerability
3011| [21367] Abyss Web Server 1.0 File Disclosure Vulnerability
3012| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
3013| [21338] XTux Server 2001.0 6.01 Garbage Denial of Service Vulnerability
3014| [21337] Menasoft SPHEREserver 0.99 Denial of Service Vulnerability
3015| [21306] Galacticomm Worldgroup 3.20 Remote Web Server Denial of Service Vulnerability
3016| [21298] Essentia Web Server 2.1 Long URL Buffer Overflow Vulnerability
3017| [21294] Phusion Webserver 1.0 Long URL Buffer Overflow Vulnerability
3018| [21293] Phusion Webserver 1.0 Long URL Denial of Service Vulnerability
3019| [21292] phusion webserver 1.0 - Directory Traversal vulnerability (2)
3020| [21291] phusion webserver 1.0 - Directory Traversal vulnerability (1)
3021| [21273] Ezylog Photovoltaic Management Server Multiple Vulnerabilities
3022| [21260] Microsoft Site Server 3.0 Cross-Site Scripting Vulnerability
3023| [21237] Cyberstop Web Server 0.1 Long Request DoS Vulnerability
3024| [21228] Sambar Server 5.1 Sample Script Denial of Service Vulnerability
3025| [21215] FreeWnn 1.1 jserver JS_MKDIR Metacharacter Command Execution Vulnerability
3026| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
3027| [21178] Brian Dorricott MAILTO 1.0.7-9 Unauthorized Mail Server Use Vulnerability
3028| [21170] Volition Red Faction 1.0/1.1 Game Server/Client Denial of Service Vulnerability
3029| [21163] Cooolsoft PowerFTP Server 2.0 3/2.10 Multiple Denial of Service Vulnerability (2)
3030| [21162] Cooolsoft PowerFTP Server 2.0 3/2.10 Multiple Denial of Service Vulnerability (1)
3031| [21145] IBM HTTP Server 1.3.x Source Code Disclosure Vulnerability
3032| [21142] Ipswitch WS_FTP Server 1.0.x/2.0.x 'STAT' Buffer Overflow Vulnerability
3033| [21141] Red Hat TUX 2.1 .0-2 HTTP Server Oversized Host Denial of Service Vulnerability
3034| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
3035| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
3036| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
3037| [21110] EFTP Server 2.0.7 .337 Directory and File Existence Vulnerability
3038| [21101] Merit AAA RADIUS Server 3.8 rlmadmin Symbolic Link Vulnerability
3039| [21089] AOLServer 3 Long Authentication String Buffer Overflow Vulnerability (2)
3040| [21088] AOLServer 3 Long Authentication String Buffer Overflow Vulnerability (1)
3041| [21042] id Software Quake 3 Arena Server 1.29 Possible Buffer Overflow Vulnerability
3042| [21039] SimpleServer:WWW 1.0.7/1.0.8/1.13 Hex Encoded URL Directory Traversal Vulnerability
3043| [21027] Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability
3044| [21026] Sambar Server 4.4/5.0 pagecount File Overwrite Vulnerability
3045| [21009] ArGoSoft FTP Server 1.2.2 .2 Weak Password Encryption Vulnerability
3046| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
3047| [20946] Cerberus FTP Server 1.x Buffer Overflow DoS Vulnerability
3048| [20934] Internet Software Solutions Air Messenger LAN Server 3.4.2 Path Disclosure Vulnerability
3049| [20933] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (4)
3050| [20932] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (3)
3051| [20931] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (2)
3052| [20930] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (1)
3053| [20922] Rumpus FTP Server 1.3.x/2.0.3 Stack Overflow DoS Vulnerability
3054| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
3055| [20910] TransSoft Broker FTP Server 3.0/4.0/4.7/5.x CWD Buffer Overflow Vulnerability
3056| [20904] Pragma Systems InterAccess TelnetD Server 4.0 - Denial of Service
3057| [20895] WebTrends Enterprise Reporting Server 3.1 c/3.5 Source Code Disclosure
3058| [20879] OpenServer 5.0.5/5.0.6,HP-UX 10/11,Solaris 2.6/7.0/8 rpc.yppasswdd Buffer Overrun
3059| [20876] Simple Web Server 2.2-rc2 ASLR Bypass Exploit
3060| [20851] SCO OpenServer 5.0.x StartX Weak XHost Permissions Vulnerability
3061| [20845] Maxum Rumpus FTP Server 1.3.2/1.3.4/2.0.3 dev Remote DoS
3062| [20830] T. Hauck Jana Server 1.45/1.46/2.0 MS-DOS Device Name DoS Vulnerability
3063| [20829] T. Hauck Jana Server 1.45/1.46 Hex Encoded Directory Traversal Vulnerability
3064| [20828] SpyNet 6.5 Chat Server Multiple Connection Denial of Service Vulnerability
3065| [20826] Jason Rahaim MP3Mystic 1.0.x Server Directory Traversal Vulnerability
3066| [20825] michael lamont savant http server 2.1 - Directory Traversal vulnerability
3067| [20814] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (5)
3068| [20813] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (4)
3069| [20812] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (3)
3070| [20811] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (2)
3071| [20810] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (1)
3072| [20809] Excite for Web Servers 1.1 Administrative Password Vulnerability
3073| [20797] Perl Web Server 0.x Path Traversal Vulnerability
3074| [20796] Zabbix Server Arbitrary Command Execution
3075| [20793] RobTex Viking Server 1.0.7 Relative Path Webroot Escaping Vulnerability
3076| [20779] Oracle 8 Server 'TNSLSNR80.EXE' DoS Vulnerability
3077| [20771] Simpleserver WWW 1.0.x AUX Directory Denial of Service Vulnerability
3078| [20770] GoAhead Software GoAhead Webserver (Windows) 2.1 - Denial of Service
3079| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
3080| [20758] Vice City Multiplayer Server 0.3z R2 Remote Code Execution
3081| [20747] Oracle Application Server 4.0.8 .2 ndwfn4.so buffer overflow
3082| [20742] SCO Open Server 5.0.6 recon Buffer Overflow Vulnerability
3083| [20739] SCO Open Server 5.0.6 lpusers Buffer Overflow Vulnerability
3084| [20737] SCO Open Server 5.0.6 lpshut Buffer Overflow Vulnerability
3085| [20736] SCO Open Server 5.0.6 lpforms Buffer Overflow Vulnerability
3086| [20735] SCO OpenServer 5.0.6 lpadmin Buffer Overflow Vulnerability
3087| [20726] Gene6 BPFTP Server 2.0 File Existence Disclosure Vulnerability
3088| [20723] Gene6 BPFTP FTP Server 2.0 User Credentials Disclosure Vulnerability
3089| [20719] Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability
3090| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
3091| [20702] Sysax Multi Server 5.64 Create Folder Buffer Overflow
3092| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
3093| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
3094| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
3095| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
3096| [20682] Michael Lamont Savant Web Server 3.0 DoS Vulnerability
3097| [20677] IOServer "Root Directory" Trailing Backslash Multiple Vulnerabilities
3098| [20676] Sysax Multi-Server 5.64 Create Folder Buffer Overflow
3099| [20657] robin twombly a1 http server 1.0 - Directory Traversal vulnerability
3100| [20656] Robin Twombly A1 HTTP Server 1.0 - Denial of Service Vulnerability
3101| [20655] Orange Software Orange Web Server 2.1 DoS Vulnerability
3102| [20647] Atrium Software Mercur Mail Server 3.3 EXPN Buffer Overflow Vulnerability
3103| [20638] Bajie Webserver 0.78/0.90 Remote Command Execution Vulnerability
3104| [20622] Xmail 0.5/0.6 CTRLServer Remote Arbitrary Commands Vulnerability
3105| [20620] SCO UNIX 5 calserver Remote Buffer Overflow Vulnerability
3106| [20616] soft lite serverworx 3.0 - Directory Traversal vulnerability
3107| [20614] aolserver 3.2 win32 - Directory Traversal vulnerability
3108| [20612] informs picserver 1.0 - Directory Traversal vulnerability
3109| [20609] Heat-On HSWeb Web Server 2.0 Path Disclosure Vulnerability
3110| [20608] guido frassetto sedum http server 2.0 - Directory Traversal vulnerability
3111| [20607] goahead webserver 2.0/2.1 - Directory Traversal vulnerability
3112| [20602] Solaris x86 2.4/2.5 nlps_server Buffer Overflow Vulnerability
3113| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
3114| [20591] Netscape Enterprise Server 3.0/4.0 'Index' Disclosure Vulnerability
3115| [20570] Sambar Server 4.1 beta Admin Access Vulnerability
3116| [20531] IBM HTTP Server 1.3 AfpaCache/WebSphereNet.Data DoS Vulnerability
3117| [20530] Lotus Domino Server 5.0.x Directory Traversal Vulnerability (2)
3118| [20529] Lotus Domino Server 5.0.x Directory Traversal Vulnerability (1)
3119| [20516] BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x Double Dot Buffer Overflow
3120| [20496] Oops Proxy Server 1.4.22 Buffer Overflow Vulnerabilities (2)
3121| [20495] Oops Proxy Server 1.4.22 Buffer Overflow Vulnerabilities (1)
3122| [20482] Novell Netware Web Server 3.x files.pl Vulnerability
3123| [20460] Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow
3124| [20457] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability
3125| [20456] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability
3126| [20451] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability
3127| [20448] Novell NetWare Web Server 2.x convert.bas Vulnerability
3128| [20445] IIS 1.0,Netscape Server 1.0/1.12,OReilly WebSite Professional 1.1 b BAT/.CMD Remote Command Execution
3129| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
3130| [20407] NetcPlus SmartServer3 3.75 Weak Encryption Vulnerability
3131| [20406] RealServer 5.0/6.0/7.0 Memory Contents Disclosure Vulnerability
3132| [20403] Small HTTP server 2.0 1 Non-Existent File DoS Vulnerability
3133| [20396] HP-UX 10.x/11.x Aserver PATH Vulnerability
3134| [20375] Sun Java Web Server 1.1 Beta Viewable .jhtml Source Vulnerability
3135| [20367] xeams email server 4.4 build 5720 - Stored XSS
3136| [20366] winwebmail server 3.8.1.6 - Stored XSS
3137| [20349] emailarchitect enterprise email server 10.0 - Stored XSS
3138| [20348] axigen mail server 8.0.1 - Stored XSS
3139| [20325] Netscape Directory Server 4.12 Directory Server Directory Traversal Vulnerability
3140| [20319] Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService Remote File Deletion
3141| [20318] Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService WriteToFile Message RCE
3142| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
3143| [20282] Evolvable Shambala Server 4.5 DoS Vulnerability
3144| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
3145| [20246] TalentSoft Web+ Application Server (Linux) 4.6 Example Script File Disclosure
3146| [20245] TalentSoft Web+ Client/Monitor/server 4.6 Source Code Disclosure Vulnerability
3147| [20244] TalentSoft Web+ Client/Monitor/server 4.6 Internal IP Address Disclosure
3148| [20242] Unixware 7.0 SCOhelp HTTP Server Format String Vulnerability
3149| [20229] IBM Websphere Application Server 3.0.2 Server Plugin DoS Vulnerability
3150| [20228] TYPSoft 0.7 x FTP Server remote DoS Vulnerability
3151| [20223] Sambar Server 4.3/4.4 beta 3 Search CGI Vulnerability
3152| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
3153| [20180] RobTex Viking Server 1.0.6 Build 355 Buffer Overflow Vulnerability
3154| [20178] vqSoft vqServer 1.4.49 DoS Vulnerability
3155| [20175] PragmaSys TelnetServer 2000 rexec Buffer Overflow Vulnerability
3156| [20163] WorldView 6.5/Wnn4 4.2 Asian Language Server Remote Buffer Overflow Vulnerability
3157| [20148] MediaHouse Software Statistics Server LiveStats 5.2 - Buffer Overflow Vulnerability
3158| [20136] NAI Net Tools PKI Server 1.0 Format String Vulnerability
3159| [20135] nai net tools pki server 1.0 - Directory Traversal vulnerability
3160| [20134] NAI Net Tools PKI Server 1.0 strong.exe Buffer Overflow Vulnerability
3161| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
3162| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
3163| [20108] CVS Kit CVS Server 1.10 .8 Checkin.prog Binary Execution Vulnerability
3164| [20107] CVS Kit CVS Server 1.10 .8 Instructed File Create Vulnerability
3165| [20104] Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability
3166| [20103] analogx simpleserver:www 1.0.6 - Directory Traversal vulnerability
3167| [20097] IBM Websphere Application Server 2.0./3.0/3.0.2 .1 Showcode Vulnerability
3168| [20095] Sun Java Web Server 1.1.3/2.0 Servlets Vulnerability
3169| [20066] Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow Vulnerability
3170| [20054] West Street Software LocalWEB HTTP Server 1.2 - Buffer Overflow
3171| [20052] Centrinity FirstClass 5.77 0 Intranet Server Long Header Denial of Service Vulnerability
3172| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
3173| [20046] Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 FTP Server Vulnerability
3174| [20028] Simple Web Server Connection Header Buffer Overflow
3175| [20026] OpenLinux 2.3/2.4,RedHat 6.0/6.1,SCO eServer 2.3 - Denial of Service
3176| [20021] RedHat 6.2 Piranha Virtual Server Package Plaintext Password Vulnerability
3177| [20017] Max Feoktistov Small HTTP server 1.212 Buffer Overflow
3178| [20016] Shadow Op Software Dragon Server 1.0/2.0 - Multiple DoS
3179| [20015] AnalogX SimpleServer:WWW 1.0.5 DoS Vulnerability
3180| [20009] atmail email server appliance 6.4 - Stored XSS - csrf - rce
3181| [19996] ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability
3182| [19995] Michael Lamont Savant WebServer 2.1 CGI Source Code Disclosure
3183| [19988] httpdx 1.5.4 - Remote HTTP Server Denial of Service
3184| [19986] Oxide Webserver 2.0.4 - Denial of Service Vulnerability
3185| [19977] Real Networks Real Server 7.0/7.0.1/8.0 Beta View-Source DoS Vulnerability
3186| [19976] Concatus IMate Web Mail Server 2.5 - Buffer Overflow Vulnerability
3187| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
3188| [19950] XFree86 X11R6 3.3.5/3.3.6/4.0 Xserver Denial of Service Vulnerability
3189| [19944] Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3,Mail Server 5.0.1/5.0.2/5.0.3 - Buffer Overflow
3190| [19937] Simple Web Server 2.2 rc2 Remote Buffer Overflow Exploit
3191| [19920] Computalynx CProxy Server 3.3 SP2 Buffer Overflow DoS Vulnerability
3192| [19897] FrontPage 2000,IIS 4.0/5.0 Server Extensions Path Disclosure Vulnerability
3193| [19895] NetWin DNews 5.3 Server Buffer Overflow Vulnerability
3194| [19884] Atrium Software Cassandra NNTP Server 1.10 Buffer Overflow Vulnerability
3195| [19879] RedHat 6.2 Piranha Virtual Server Package Default Account and Password Vulnerability
3196| [19877] FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure
3197| [19857] ALLMediaServer 0.8 - Buffer Overflow
3198| [19856] GameHouse dldisplay ActiveX control 0,Real Server 7.0 Port 7070 DoS
3199| [19853] FrontPage 97/98 Server Image Mapper Buffer Overflow
3200| [19850] RedHat Linux 6.x X Font Server DoS and Buffer Overflow Vulnerabilities
3201| [19846] MS FrontPage 98 Server Extensions for IIS,MS InterDev 1.0 - Buffer Overflow Vulnerability
3202| [19845] MS FrontPage 98 Server Extensions for IIS,MS InterDev 1.0 Filename Obfuscation
3203| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
3204| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
3205| [19822] SGI IRIX 5.x/6.x Objectserver Vulnerability
3206| [19820] AnalogX SimpleServer:WWW 1.0.3 DoS Vulnerability
3207| [19815] vqsoft vqserver for windows 1.9.9 - Directory Traversal vulnerability
3208| [19814] Netscape Enterprise Server 3.0/3.6/3.51 Directory Indexing Vulnerability
3209| [19807] Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)
3210| [19806] Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)
3211| [19805] GameHouse dldisplay ActiveX control 0,Real Server 5.0/7.0 Internal IP Address Disclosure
3212| [19799] Windows 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 MS DoS Device Name DoS
3213| [19783] Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 GET Request Vulnerability
3214| [19761] Sambar Server 4.2 beta 7 Batch CGI Vulnerability
3215| [19760] Pragma Systems InterAccess TelnetD Server 4.0 Terminal Configuration Vulnerability
3216| [19755] Pragma Systems InterAccess TelnetD Server 4.0 Build 4 Buffer Overflow
3217| [19753] ms frontpage personal webserver 1.0/personal web server 4.0 - Directory Traversal
3218| [19752] SCO Unixware 7.1/7.1.1 ARCserver /tmp symlink Vulnerability
3219| [19749] ISC BIND 4.9.7/8.x Traffic Amplification and NS Route Discovery Vulnerability
3220| [19748] True North Software Internet Anywhere Mail Server 3.1.3 RETR DoS
3221| [19747] Zeus Web Server 3.x Null Terminated Strings Vulnerability
3222| [19745] Daniel Beckham The Finger Server 0.82 BETA Pipe Vulnerability
3223| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
3224| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
3225| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
3226| [19712] Allaire ColdFusion Server 4.0/4.0.1 CFCACHE Vulnerability
3227| [19705] Netscape FastTrack Server 2.0.1 a GET Buffer Overflow Vulnerability
3228| [19703] AnalogX SimpleServer:WWW 1.0.1 GET Buffer Overflow Vulnerability
3229| [19695] Michael Lamont Savant WebServer 2.0 NULL Character DoS Vulnerability
3230| [19689] ZBServer Pro 1.5 - Buffer Overflow Vulnerability (2)
3231| [19688] ZBServer Pro 1.5 - Buffer Overflow Vulnerability (1)
3232| [19687] Real Networks Real Server 5.0 ramgen Denial of Service Vulnerability
3233| [19684] SCO Open Server 5.0.5,IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library Buffer Overflows Vulnerability
3234| [19682] Netscape Enterprise Server ,Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities
3235| [19666] GoodTech Telnet Server NT 2.2.1 DoS Vulnerability
3236| [19664] Cat Soft Serv-U 2.5 a Server SITE PASS DoS Vulnerability
3237| [19638] Microsoft SQL Server 7.0/7.0 SP1 NULL Data DoS Vulnerability
3238| [19635] Sun Solaris 7.0 rpc.ttdbserver Denial of Service Vulnerability
3239| [19633] Windows 95/98/Enterprise Server 4/NT Server 4/Terminal Server 4/Workstation 4 Riched Buffer Overflow
3240| [19632] Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink Webserver Vulnerability
3241| [19625] ALLMediaServer 0.8 SEH Overflow Exploit
3242| [19624] Gene6 G6 FTP Server 2.0 - Buffer Overflow DoS Vulnerability
3243| [19622] Antelope Software W4-Server 2.6 a/Win32 Cgitest.exe Buffer Overflow
3244| [19619] QPC Software QVT Term 4.3/QVT/Net 4.3 Suite FTP Server DoS Vulnerability
3245| [19617] NetcPlus SmartServer3 3.5.1 POP Buffer Overflow Vulnerability
3246| [19613] Poison Ivy 2.3.2 C&C Server Buffer Overflow
3247| [19611] TransSoft Broker FTP Server 3.0 x/4.0 User Name Buffer Overflow Vulnerability
3248| [19584] Sky Communications Skyfull 1.1.4 Mail Server MAIL FROM Buffer Overflow
3249| [19581] Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (2)
3250| [19580] Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (1)
3251| [19571] Netscape Messaging Server 3.6/3.54/3.55 RCPT TO DoS Vulnerability
3252| [19562] MediaHouse Software Statistics Server 4.28/5.1 "Server ID" Buffer Overflow Vulnerability
3253| [19561] True North Software Internet Anywhere Mail Server 2.3.x Mail Server Multiple Buffer Overflow
3254| [19543] SCO Open Server 5.0.5 cancel Buffer Overflow Vulnerability
3255| [19542] SCO Open Server <= 5.0.5 'userOsa' symlink Vulnerability
3256| [19540] t. hauck jana webserver 1.0/1.45/1.46 - Directory Traversal vulnerability
3257| [19500] SCO Open Server 5.0.5 X Library Buffer Overflow Vulnerability (2)
3258| [19499] SCO Open Server 5.0.5 X Library Buffer Overflow Vulnerability (1)
3259| [19494] NetcPlus SmartServer 3.5.1 SMTP Buffer Overflow
3260| [19493] Netscape Enterprise Server 3.51/3.6 SP2 Accept Buffer Overflow Vulnerability
3261| [19489] Microsoft Windows NT 4.0 DCOM Server Vulnerability
3262| [19457] Ms Commercial Internet System 2.0/2.5,IIS 4.0,Site Server Commerce Edition 3.0 alpha/3.0 DoS
3263| [19446] WebTrends Enterprise Reporting Server 1.5 Negative Content Length DoS Vulnerability
3264| [19445] Microsoft FrontPage Personal WebServer 1.0 PWS DoS Vulnerability
3265| [19443] Netscape Enterprise Server 3.51/3.6 JHTML View Source Vulnerability
3266| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
3267| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
3268| [19416] Netscape Enterprise Server <= 3.6 SSL Buffer Overflow DoS Vulnerability
3269| [19415] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (3)
3270| [19414] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (2)
3271| [19413] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (1)
3272| [19392] Able2Extract and Able2Extract Server 6.0 - Memory Corruption
3273| [19363] Netscape FastTrack Server 3.0.1 Fasttrack Root Directory Listing Vulnerability
3274| [19362] SCO Open Server <= 5.0.5 XBase Buffer Overflow Vulnerabilities
3275| [19291] EZHomeTech EzServer <= 6.4.017 Stack Buffer Overflow Vulnerability
3276| [19266] Ezhometech Ezserver 6.4 Stack Overflow Exploit
3277| [19244] Apple Mac OS X Server 10.0 Overload Vulnerability
3278| [19231] PHP apache_request_headers Function Buffer Overflow
3279| [19225] Compaq Client Management Agents 3.70/4.0,Insight Management Agents 4.21 A/4.22 A/4.30 A,Intelligent Cluster Administrator 1.0,Management Agents for Workstations 4.20 A,Server Management Agents <= 4.23,Survey Utility 2.0 Web File Access Vulnerability
3280| [19220] Allaire ColdFusion Server <= 4.0.1 CFCRYPT.EXE Vulnerability
3281| [19219] bisonware bisonware ftp server 3.5 - Multiple Vulnerabilities
3282| [19208] Microsoft Site Server Commerce Edition 3.0 alpha AdSamples Vulnerability
3283| [19197] Microsoft Windows NT <= 4.0 SP5,Terminal Server 4.0 "Pass the Hash" with Modified SMB Client Vulnerability
3284| [19194] Microsoft IIS 3.0/4.0 Using ASP And FSO To Read Server Files Vulnerability
3285| [19167] Ipswitch IMail 5.0,WS_FTP Server 1.0.1/1.0.2 Server Privilege Escalation Vulnerability
3286| [19152] Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability
3287| [19145] NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 Server Operator to Administrator Privilege Escalation: System Key Vulnerability
3288| [19131] XM Easy Personal FTP Server <= 5.30 - Remote Format String Write4 Exploit
3289| [19129] Microsoft IIS 4.0,Microsoft Site Server 3.0 Showcode ASP Vulnerability
3290| [19123] SCO Open Server <= 5.0.4 POP Server Buffer Overflow Vulnerability
3291| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
3292| [19112] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(2)
3293| [19111] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(1)
3294| [19110] Qualcomm qpopper 2.4 POP Server Buffer Overflow Vulnerability (2)
3295| [19109] Qualcomm qpopper 2.4 POP Server Buffer Overflow Vulnerability (1)
3296| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
3297| [19093] Allaire ColdFusion Server <= 4.0 - Remote File Display, Deletion, Upload and Execution Vulnerability
3298| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
3299| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
3300| [19069] Qualcomm Eudora Internet Mail Server 1.2 - Buffer Overflow Vulnerability
3301| [19047] Stalker Internet Mail Server 1.6 - Buffer Overflow Vulnerability
3302| [19046] AppleShare IP Mail Server 5.0.3 - Buffer Overflow Vulnerability
3303| [19024] ComSndFTP Server 1.3.7 Beta Remote Format String Overflow
3304| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
3305| [18982] Hexamail Server <= 4.4.5 Persistent XSS Vulnerability
3306| [18973] GIMP script-fu Server Buffer Overflow
3307| [18946] Tftpd32 DNS Server 4.00 Denial of Service
3308| [18945] WinRadius Server 2009 Denial of Service
3309| [18915] FlexNet License Server Manager lmgrd Buffer Overflow
3310| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
3311| [18878] Pro-face Pro-Server EX WinGP PC Runtime Multiple Vulnerabilities
3312| [18877] FlexNet License Server Manager Stack Overflow In lmgrd
3313| [18858] elearning server 4g Multiple Vulnerabilities
3314| [18857] Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure
3315| [18841] Lynx Message Server Multiple Vulnerabilities
3316| [18766] Oracle GlassFish Server - REST CSRF
3317| [18764] Oracle GlassFish Server 3.1.1 (build 12) Multiple XSS
3318| [18759] TFTP Server for Windows 1.4 ST WRQ Buffer Overflow
3319| [18734] EMC IRM License Server DoS Server 4.6.1.1995
3320| [18718] distinct tftp server <= 3.01 - Directory Traversal vulnerability
3321| [18665] PHP 5.4.0 Built-in Web Server DoS PoC
3322| [18643] Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 - Remote Buffer Overflow Vulnerability
3323| [18630] Android FTPServer 1.9.0 - Remote DoS
3324| [18629] Tiny Server <= 1.1.9 HTTP HEAD DoS
3325| [18628] PeerFTP Server <= 4.01 - Remote Crash PoC
3326| [18626] ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability
3327| [18625] 2X ApplicationServer 10.1 TuxSystem Class ActiveX Control Remote File Overwrite Vulnerability
3328| [18623] LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Arbitrary File Deletion Vulnerability
3329| [18622] LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Code Execution Vulnerability
3330| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
3331| [18615] TypesoftFTP Server 1.1 - Remote DoS (APPE)
3332| [18610] Tiny Server 1.1.5 - Arbitrary File Disclosure Exploit
3333| [18604] NetDecision 4.5.1 HTTP Server Buffer Overflow
3334| [18587] Network Instrument Observer SNMP SetRequest Denial of Service Vulnerability
3335| [18582] Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
3336| [18543] Netmechanica NetDecision Dashboard Server Information Disclosure Vulnerability
3337| [18541] Netmechanica NetDecision HTTP Server Denial of Service Vulnerability
3338| [18534] Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit
3339| [18524] Tiny HTTP Server <= 1.1.9 - Remote Crash PoC
3340| [18476] Sysax Multi Server <= 5.52 File Rename BoF RCE (Egghunter)
3341| [18469] Typsoft FTP Server 1.10 Multiple Commands DoS
3342| [18453] OfficeSIP Server 3.1 - Denial of Service Vulnerability
3343| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
3344| [18451] Sphinix Mobile Web Server 3.1.2.47 Multiple Persistent XSS Vulnerabilities
3345| [18448] Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
3346| [18442] Apache httpOnly Cookie Disclosure
3347| [18423] HP Diagnostics Server magentservice.exe Overflow
3348| [18420] Sysax Multi Server 5.50 Create Folder Remote Code Exec BoF (MSF Module)
3349| [18401] Savant Web Server 3.1 - Buffer Overflow Exploit (Egghunter)
3350| [18382] Sysax Multi Server 5.50 Create Folder BOF
3351| [18345] TFTP Server 1.4 ST (RRQ) Buffer Overflow Exploit
3352| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
3353| [18240] CoDeSys SCADA 2.3 - Webserver Stack Buffer Overflow
3354| [18235] zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal
3355| [18190] Serv-U FTP Server < 4.2 - Buffer Overflow
3356| [18189] Ipswitch TFTP Server Directory Traversal Vulnerability
3357| [18188] Hillstone Software HS TFTP Server Denial of Service Vulnerability
3358| [18179] IBM Lotus Domino Server Controller Authentication Bypass Vulnerability
3359| [18112] optima apiftp server <= 1.5.2.13 - Multiple Vulnerabilities
3360| [18057] NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
3361| [18038] GTA SA-MP server.cfg - Buffer Overflow
3362| [18028] "zFTP Server ""cwd/stat"" Remote Denial-of-Service"
3363| [18017] Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc)
3364| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
3365| [17963] atvise webMI2ADS Web Server <= 1.0 - Multiple Vulnerabilities
3366| [17893] GTA SA-MP server.cfg - Local Buffer Overflow Vulnerability
3367| [17886] FreeFloat FTP Server Buffer Overflow Exploit (DEP Bypass)
3368| [17879] MetaServer RT <= 3.2.1.450 - Multiple Vulnerabilities
3369| [17870] KnFTP 1.0.0 Server - Remote Buffer Overflow Exploit, 'USER' command
3370| [17856] KnFTP 1.0.0 Server Multiple Buffer Overflow Exploit (DoS PoC)
3371| [17828] Wordpress Plugin Forum Server <= 1.7 - SQL Injection Vulnerability
3372| [17827] Procyon Core Server HMI <= 1.13 - Coreservice.exe Stack Buffer Overflow
3373| [17819] KnFTP Server Buffer Overflow Exploit
3374| [17817] ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow Exploit (0day)
3375| [17810] BisonFTP Server Remote Buffer Overflow Exploit (MSF)
3376| [17796] Windows Server 2008 R1 Local Denial of Service
3377| [17742] Mini FTP Server 1.1 Buffer Corruption Remote Denial of Service
3378| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
3379| [17691] Apache Struts < 2.2.0 - Remote Command Execution
3380| [17649] BisonFTP Server <= 3.5 - Remote Buffer Overflow Exploit
3381| [17626] PXE exploit server
3382| [17619] CiscoKits 1.0 TFTP Server Directory Traversal Vulnerability
3383| [17618] CiscoKits 1.0 TFTP Server DoS (write command)
3384| [17615] Sun/Oracle GlassFish Server Authenticated Code Execution
3385| [17601] Omnicom Alpha 4.0e LPD Server DoS
3386| [17588] Actfax FTP Server <= 4.27 - USER Command 0day Stack Buffer Overflow (MSF)
3387| [17581] MyWebServer 1.0.3 - Arbitrary File Download
3388| [17580] MyWebServer 1.0.3 - Denial of Service
3389| [17578] MinaliC Webserver 2.0 - Remote Source Disclosure
3390| [17571] OpenX Ad Server 2.8.7 Cross Site Request Forgery
3391| [17569] Ciscokits 1.0 TFTP Server File Name DoS
3392| [17551] Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability
3393| [17550] FreeFloat FTP Server 1.0 - ACCL Buffer Overflow Exploit
3394| [17549] Lotus Domino SMTP router, EMAIL server and client DoS
3395| [17548] FreeFloat FTP Server REST Buffer Overflow (MSF)
3396| [17546] FreeFloat FTP Server 1.0 - REST, PASV Buffer Overflow Exploit
3397| [17540] Freefloat FTP Server MKD Buffer Overflow (MSF)
3398| [17539] FreeFloat FTP Server 1.00 - MKD Buffer Overflow Exploit
3399| [17535] Java RMI Server Insecure Default Configuration Java Code Execution
3400| [17519] Freefloat FTP Server (LIST command) Buffer Overflow Exploit
3401| [17507] Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability
3402| [17498] Freefloat FTP Server Buffer Overflow Vulnerability (MSF)
3403| [17476] Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS [MS09-053]
3404| [17455] Smallftpd 1.0.3 FTP Server Denial of Service Vulnerability
3405| [17434] RealWin SCADA Server DATAC Login Buffer Overflow
3406| [17417] DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
3407| [17404] IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability
3408| [17393] Oracle HTTP Server XSS Header Injection
3409| [17382] Tele Data Contact Management Server Directory Traversal
3410| [17381] simple web-server 1.2 - Directory Traversal
3411| [17374] 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow
3412| [17373] ActFax Server FTP Remote BOF (post auth) Bigger Buffer
3413| [17361] Xitami Web Server 2.5b4 Remote Buffer Overflow (Egghunter)
3414| [17359] Xitami Web Server 2.5b4 Remote Buffer Overflow Exploit
3415| [17354] Easy Ftp Server 1.7.0.2 - Post-Authentication BoF
3416| [17352] 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
3417| [17351] iPhone4 FTP Server 1.0 - Empty CWD-RETR Remote Crash
3418| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
3419| [17300] 7-Technologies IGSS <= 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow
3420| [17276] Oracle GlassFish Server Administration Console Authentication Bypass
3421| [17219] EMC HomeBase Server Directory Traversal Remote Code Execution
3422| [17188] IBM Tivoli Directory Server SASL Bind Request Remote Code Execution
3423| [17159] Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
3424| [17148] Zend Server Java Bridge Arbitrary Java Code Execution
3425| [17116] Longshine Multiple Print Servers Cross-site Scripting Vulnerability
3426| [17115] ZO Tech Multiple Print Servers Cross-site Scripting Vulnerability
3427| [17063] easy file sharing web server 5.8 - Multiple Vulnerabilities
3428| [17053] wodWebServer.NET 1.3.3 - Directory Traversal
3429| [17034] Progea Movicon 11 TCPUploadServer Remote Exploit
3430| [17033] IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS
3431| [16984] HP OpenView Performance Insight Server Backdoor Account Code Execution
3432| [16970] Kolibri <= 2.0 - HTTP Server HEAD Buffer Overflow
3433| [16939] Hiawatha WebServer 7.4 - Denial of Service Vulnerability
3434| [16930] ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
3435| [16915] Oracle VM Server Virtual Server Agent Command Injection
3436| [16891] QuickTime Streaming Server parse_xml.cgi Remote Execution
3437| [16872] WebSTAR FTP Server USER Overflow
3438| [16863] AppleFileServer LoginExt PathName Overflow
3439| [16858] RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution
3440| [16846] UoW IMAP server LSUB Buffer Overflow
3441| [16829] Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow
3442| [16828] Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow
3443| [16827] Trend Micro ServerProtect 5.58 Buffer Overflow
3444| [16823] Network Associates PGP KeyServer 7 LDAP Buffer Overflow
3445| [16819] SoftiaCom WMailserver 1.0 - Buffer Overflow
3446| [16817] GoodTech Telnet Server <= 5.0.6 - Buffer Overflow
3447| [16815] Novell ZENworks 6.5 Desktop/Server Management Overflow
3448| [16802] Webster HTTP Server GET Buffer Overflow
3449| [16798] Apache mod_jk 1.2.20 Buffer Overflow
3450| [16789] Adobe RoboHelp Server 8 Arbitrary File Upload and Execute
3451| [16782] Apache Win32 Chunked Encoding
3452| [16777] Free Download Manager Remote Control Server Buffer Overflow
3453| [16773] Novell eDirectory NDS Server Host Header Overflow
3454| [16772] EFS Easy Chat Server Authentication Request Handling Buffer Overflow
3455| [16771] EasyFTP Server <= 1.7.0.11 list.html path Stack Buffer Overflow
3456| [16770] Savant 3.1 Web Server Overflow
3457| [16766] Sybase EAServer 5.2 - Remote Stack Buffer Overflow
3458| [16757] Novell Messenger Server 2.0 Accept-Language Overflow
3459| [16753] Xitami 2.5c2 Web Server If-Modified-Since Overflow
3460| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
3461| [16745] Computer Associates License Server GETCONFIG Overflow
3462| [16742] Easy File Sharing FTP Server 2.0 PASS Overflow
3463| [16740] Microsoft IIS FTP Server NLST Response Overflow
3464| [16737] EasyFTP Server <= 1.7.0.11 CWD Command Stack Buffer Overflow
3465| [16734] EasyFTP Server <= 1.7.0.11 LIST Command Stack Buffer Overflow
3466| [16733] FileCopa FTP Server pre 18 Jul Version
3467| [16719] WS-FTP Server 5.03 MKD Overflow
3468| [16718] Xlink FTP Server Buffer Overflow
3469| [16717] Ipswitch WS_FTP Server 5.05 XMD5 Overflow
3470| [16712] BolinTech Dream FTP Server 1.02 Format String
3471| [16711] EasyFTP Server <= 1.7.0.11 MKD Command Stack Buffer Overflow
3472| [16703] GlobalSCAPE Secure FTP Server Input Overflow
3473| [16702] KarjaSoft Sami FTP Server 2.02 - USER Overflow
3474| [16697] IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
3475| [16690] Qbik WinGate WWW Proxy Server URL Processing Overflow
3476| [16641] SasCam Webcam Server 2.6.5 Get() method - Buffer Overflow
3477| [16491] WinVNC Web Server <= 3.3.3r7 - GET Overflow
3478| [16445] Bopup Communications Server Buffer Overflow
3479| [16431] BigAnt Server 2.50 SP1 Buffer Overflow
3480| [16430] BigAnt Server 2.2 - Buffer Overflow
3481| [16426] BigAnt Server 2.52 USV Buffer Overflow
3482| [16419] Mercury/32 <= 4.01b - PH Server Module Buffer Overflow
3483| [16416] CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow
3484| [16415] CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
3485| [16411] CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
3486| [16409] CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
3487| [16400] CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
3488| [16398] Microsoft SQL Server Hello Overflow
3489| [16396] Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
3490| [16395] Microsoft SQL Server Payload Execution
3491| [16394] Microsoft SQL Server Payload Execution via SQL injection
3492| [16393] Microsoft SQL Server Resolution Overflow
3493| [16392] Microsoft SQL Server sp_replwritetovarbin Memory Corruption
3494| [16389] Omni-NFS Server Buffer Overflow
3495| [16385] DATAC RealWin SCADA Server Buffer Overflow
3496| [16384] DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
3497| [16383] DATAC RealWin SCADA Server SCPC_INITIALIZE_RF Buffer Overflow
3498| [16382] DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow
3499| [16368] Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
3500| [16367] Microsoft Server Service NetpwPathCanonicalize Overflow
3501| [16362] Microsoft Server Service Relative Path Stack Corruption
3502| [16350] Allied Telesyn TFTP Server 1.9 Long Filename Overflow
3503| [16344] FutureSoft TFTP Server 2000 Transfer-Mode Overflow
3504| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
3505| [16314] Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
3506| [16287] Wyse Rapport Hagent Fake Hserver Command Execution
3507| [16286] RealServer Describe Buffer Overflow
3508| [16274] JBoss Application Server Remote Exploit
3509| [16260] Quick 'n Easy FTP Server 3.2 - Denial of Service
3510| [16259] home ftp server 1.12 - Directory Traversal
3511| [16235] Wordpress Plugin Forum Server 1.6.5 - SQL Injection Vulnerability
3512| [16230] Victory FTP Server 5.0 - Denial of Service Exploit
3513| [16177] ActFax Server FTP Remote BOF (post auth)
3514| [16176] ActFax Server (LPD/LPR) Remote Buffer Overflow Exploit
3515| [16166] MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow
3516| [16150] XM Easy Personal FTP Server 5.8.0 (TYPE) Denial of Service
3517| [16095] Terminal Server Client .rdp Denial of Service
3518| [16075] Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download
3519| [16054] sap crystal report server 2008 - Directory Traversal
3520| [16040] Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC
3521| [16036] Golden FTP Server 4.70 - PASS Command Buffer Overflow Exploit
3522| [15868] QuickPHP Web Server Arbitrary (src .php) File Download
3523| [15862] quickphp web server 1.9.1 - Directory Traversal
3524| [15860] TYPSoft FTP Server (v 1.10) RETR CMD Denial of Service
3525| [15821] HttpBlitz Web Server Denial of Service Exploit
3526| [15764] ViRobot Desktop 5.5 and Server 3.5 <= 2008.8.1.1 - Privilege Escalation Vulnerability
3527| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
3528| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
3529| [15689] Freefloat FTP Server Buffer Overflow Vulnerability 0day
3530| [15617] VMware 2 Web Server - Directory Traversal
3531| [15450] filecopa ftp server 6.01 - Directory Traversal
3532| [15445] femitter ftp server 1.04 - Directory Traversal vulnerability
3533| [15442] Zeeways Adserver Multiple Vulnerabilities
3534| [15438] AT-TFTP Server 1.8 - Remote Directory Traversal Vulnerability
3535| [15437] Quick Tftp Server Pro 2.1 - Remote Directory Traversal Vulnerability
3536| [15427] WinTFTP Server Pro 3.1 - (0day) Remote Directory Traversal Vulnerability
3537| [15422] Sami HTTP Server 2.0.1 GET Request Denial of Service Exploit
3538| [15373] mongoose web server 2.11 - Directory Traversal vulnerability
3539| [15357] Home FTP Server 1.11.1.149 RETR DELE RMD - Remote Directory Traversal Exploit
3540| [15349] Home FTP Server 1.11.1.149 - Post-Auth Directory Traversal
3541| [15336] MinaliC Webserver 1.0 - Remote Source Disclosure/File Download
3542| [15334] MinaliC Webserver 1.0 - Denial of Service Vulnerability
3543| [15333] MinaliC Webserver 1.0 - Directory Traversal Vulnerability
3544| [15319] Apache 2.2 (Windows) Local Denial of Service
3545| [15307] HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS
3546| [15290] Oracle Sun Java System Web Server - HTTP Response Splitting
3547| [15244] Oracle Virtual Server Agent Command Injection
3548| [15238] Disk Pulse Server 2.2.34 - Remote Buffer Overflow Exploit
3549| [15231] Sync Breeze Server 2.2.30 - Remote Buffer Overflow Exploit
3550| [15008] MOAUB #15 - Ipswitch Imail Server List Mailer Reply-To Address Memory Corruption
3551| [14990] AA SMTP Server 1.1 - Crash PoC
3552| [14976] YOPS Web Server Remote Command Execution
3553| [14840] Mereo 1.9.2 - Remote HTTP Server Denial of Service Vulnerability
3554| [14779] deepin tftp server 1.25 - Directory Traversal vulnerability
3555| [14634] SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit
3556| [14623] Easy FTP Server 1.7.0.11 - Multiple Commands Remote Buffer Overflow Exploit (Post Auth)
3557| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
3558| [14607] Microsoft SMB Server Trans2 Zero Size Pool Alloc (MS10-054)
3559| [14496] UPlusFTP Server 1.7.1.01 - HTTP Remote Buffer Overflow (Post Auth)
3560| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
3561| [14451] Easy FTP Server 1.7.0.11 - LIST Command Remote BoF Exploit (Post Auth) - (meta)
3562| [14409] AIX5l with FTP-Server Remote Root Hash Disclosure Exploit
3563| [14402] Easy FTP Server 1.7.0.11 - CWD Command Remote Buffer Overflow Exploit (Post Auth)
3564| [14400] Easy FTP Server 1.7.0.11 - LIST Command Remote Buffer Overflow Exploit (Post Auth)
3565| [14399] Easy FTP Server 1.7.0.11 - MKD Command Remote Buffer Overflow Exploit (Post Auth)
3566| [14380] Power/Personal FTP Server RETR Denial of Service
3567| [14287] Sun Java Web Server 7.0 u7 - Exploit with DEP bypass
3568| [14283] ClickGallery Server SQL Injection Vulnerability
3569| [14279] Inout Ad server Ultimate Shell Upload Vulnerabilty
3570| [14266] IrcDelphi Daemon Server Denial of Service
3571| [14254] EvoCam Web Server OSX ROP Remote Exploit (Snow Leopard)
3572| [14236] Sun Java Web Server 7.0 u7 Admin Interface DoS
3573| [14195] SasCam WebCam Server 2.6.5 - ActiveX SEH Overwrite
3574| [14194] Sun Java Web Server 7.0 u7 Remote Exploit
3575| [14156] Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability
3576| [14012] Weborf HTTP Server Denial of Service Vulnerability
3577| [13958] Sysax Multi Server (SFTP module) Multiple Commands DoS Vulnerabilities
3578| [13932] Open&Compact Ftp Server <= 1.2 Full System Access
3579| [13888] SasCam 2.6.5 - Remote HTTP Server Crash
3580| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
3581| [13735] OS X EvoCam Web Server Buffer Overflow Exploit 3.6.6 and 3.6.7
3582| [13308] linux/x86 shellcode that forks a HTTP Server on port tcp/8800 166 bytes
3583| [12853] Quick 'n Easy FTP Server Lite 3.1
3584| [12815] GoAheaad Webserver Source Code Disclosure Vulnerability
3585| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
3586| [12774] HomeFTP Server r1.10.3 (build 144) Denial of Service Exploit
3587| [12754] Easy Address book Webserver 1.2 CSRF
3588| [12741] Open&Compact Ftp Server 1.2 Universal Pre-Auth Denial of Service
3589| [12740] POC - SEH control (0day) of Webby webserver
3590| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
3591| [12698] "Open&Compact Ftp Server 1.2 ""PORT"" command Remote DoS"
3592| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
3593| [12640] Abyss Web Server X1 - CSRF
3594| [12604] TYPSoft FTP Server 1.10 - RETR Command DoS
3595| [12603] SmallFTPD FTP Server 1.0.3 - DELE Command DoS
3596| [12587] wftpd server 3.30 Multiple Vulnerabilities(0day)
3597| [12582] zervit Web Server 0.4 - Directory Traversals
3598| [12581] zervit Web Server 0.4 - Source Disclosure/Download
3599| [12554] MiniManager For Mangos/Trinity Server DoS Vulnerability
3600| [12531] GeoHttpServer Remote DoS Vulnerability
3601| [12520] OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass
3602| [12480] Acritum Femitter Server 1.03 - Multiple Vulnerabilities
3603| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
3604| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
3605| [12331] MultiThreaded HTTP Server 1.1 - Directory Traversal
3606| [12330] Apache OFBiz - Multiple XSS
3607| [12312] EasyFTP Server <= 1.7.0.2 CWD Buffer Overflow (Metasploit)
3608| [12309] Mongoose Web Server 2.8 - Multiple Directory Traversal Exploits
3609| [12308] MultiThreaded HTTP Server 1.1 - Source Disclosure
3610| [12304] MultiThreaded HTTP Server 1.1 - Directory Traversal
3611| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
3612| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
3613| [12201] MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer PoC
3614| [12131] Tembria Server Monitor 5.6.0 - Denial of Service
3615| [12119] WINDOWS FTP SERVER by DWG (Auth Bypass)
3616| [12114] miniature java web server <= 1.71 - Multiple Vulnerabilities
3617| [12044] Easy Ftp Server 1.7.0.2 - MKD Remote Post-Authentication BoF Exploit
3618| [12033] Java Mini Web Server <= 1.0 Path Traversal and Cross Site Scripting
3619| [11973] CompleteFTP Server Directory Traversal
3620| [11878] Cisco TFTP Server 1.1 DoS
3621| [11877] eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack BOF
3622| [11857] MX Simulator Server Remote Buffer Overflow PoC
3623| [11856] uhttp Server Path Traversal Vulnerability
3624| [11855] Jinais IRC Server 0.1.8 - NULL Pointer PoC
3625| [11820] eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack BOF
3626| [11810] eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Crash SEH (PoC)
3627| [11809] eDisplay Personal FTP server 1.0.0 Pre-Authentication DoS (PoC)
3628| [11765] ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal Vulnerability
3629| [11736] Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC
3630| [11668] Easy FTP Server 1.7.0.2 - CWD Remote BoF (MSF Module)
3631| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
3632| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
3633| [11569] Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities
3634| [11556] iPhone FTP Server By Zhang Boyang Remote DoS Exploit
3635| [11546] iPhone - FTP Server (WiFi FTP) by SavySoda DoS/PoC
3636| [11539] Easy FTP Server 1.7.0.2 - CWD Remote BoF
3637| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
3638| [11500] Easy~Ftp Server 1.7.0.2 - (HTTP) Remote BoF Exploit
3639| [11470] Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF (PoC)
3640| [11469] Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF (SEH) (PoC)
3641| [11468] Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF
3642| [11403] Cisco Collaboration Server 5 XSS, Source Code Disclosure
3643| [11328] UplusFtp Server 1.7.0.12 - Remote Buffer Overflow
3644| [11273] iOS Serversman 3.1.5 - HTTP Remote DoS Exploit
3645| [11254] P2GChinchilla HTTP Server 1.1.1 - Denial of Service Exploit
3646| [11222] Joomla Component com_gameserver SQL Injection Vulnerability
3647| [11215] SHOUTcast Server <= 1.9.8/win32 - CSRF Vulnerability
3648| [11210] EFS Easy Chat server Universal BOF-SEH (Meta)
3649| [11179] Exploit EFS Software Easy Chat Server 2.2
3650| [11131] TurboFTP Server 1.00.712 Remote DoS
3651| [10973] BigAnt Server 2.52 - Remote Buffer Overflow Exploit 2
3652| [10821] WingFTP Server 3.2.4 - CSRF Vulnerability
3653| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
3654| [10772] AspBB - Active Server Page Bulletin Board DB Download Vulnerability
3655| [10765] BigAnt Server 2.52 SEH (0day)
3656| [10542] TFTP SERVER Buffer Overflow remote exploit
3657| [10434] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
3658| [10432] zabbix server Multiple Vulnerabilities
3659| [10349] CoreHTTP web server off-by-one buffer overflow vulnerability
3660| [10331] iWeb HTTP Server Directory Transversal Vulnerability
3661| [10303] Core FTP Server 1.0 Build 319 Denial of Service
3662| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
3663| [10258] Golden FTP Server 4.30 File Deletion Vulnerability
3664| [10257] XM Easy Professional FTP Server 5.8.0 - Denial of Service
3665| [10221] XM Easy Personal FTP Server 5.8.0 - Remote DoS Vulnerability
3666| [10171] Baby Web Server 2.7.2 Vulnerbility found Denial of Service(0day)
3667| [10162] Home FTP Server 'MKD' Command Directory Traversal Vulnerability
3668| [10104] XM Easy Personal FTP Server 'APPE' and 'DELE' Command DoS
3669| [10056] Ada Image Server <= 0.6.7 imgsrv.exe Buffer Overflow
3670| [10047] Femitter HTTP Server 1.03 Remote Source Disclosure
3671| [10031] Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection
3672| [10012] html2ps 'include file' Server Side Include Directive Directory Traversal Vulnerability
3673| [10005] Windows 7 / Server 2008R2 Remote Kernel Crash
3674| [10004] Dopewars 1.5.12 Server Denial of Service
3675| [9999] Cerberus FTP server 3.0.6 Pre-Auth DoS
3676| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
3677| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
3678| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
3679| [9978] TwonkyMedia Server <= 4.4.17 & <= 5.0.65 - XSS
3680| [9937] RealServer 7-9 Describe Buffer Overflow
3681| [9934] Wyse Rapport Hagent Fake Hserver Command Execution
3682| [9931] AppleFileServer 10.3.3 LoginEXT PathName Overflow (OS X)
3683| [9928] WebSTAR FTP Server <= 5.3.2 USER Overflow (OS X)
3684| [9907] The Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability
3685| [9897] Mongoose Web Server 2.8.0 Source Disclosure
3686| [9879] EMC RepliStor Server 6.3.1.3 DoS
3687| [9874] Cherokee web server 0.5.4 DoS
3688| [9852] Home FTP Server 1.10.1.139 'SITE INDEX' Command Remote Denial of Service
3689| [9813] Mereo Web Server 1.8 - Remote Source Code Disclosure
3690| [9811] Core FTP Server 1.0 build 304 DoS
3691| [9804] XM Easy Personal FTP Server <= 5.8.0 DoS
3692| [9734] BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2
3693| [9718] Xerver HTTP Server 4.32 - XSS / Directory Traversal Vulnerability
3694| [9717] Xerver HTTP Server <= 4.32 - Remote Denial of Service
3695| [9695] BigAnt Server 2.50 SP1 (ZIP File) Local Buffer Overflow PoC
3696| [9694] NaviCOPA Web Server 3.01 Remote Source Code Disclosure Vulnerability
3697| [9690] BigAnt Server 2.50 GET Request Remote BOF Exploit (SEH) Universal
3698| [9673] BigAnt Server 2.50 GET Request Remote BOF Exploit (SEH) 0day
3699| [9667] Cerberus FTP Server 3.0.3 - Remote Denial of Service Exploit
3700| [9664] FtpXQ FTP Server 3.0 - Remote Denial of Service Exploit (auth)
3701| [9662] IPSwitch IMAP Server <= 9.20 Remote Buffer Overflow Exploit
3702| [9660] Techlogica HTTP Server 1.03 Arbitrary File Disclosure Exploit
3703| [9657] httpdx Web Server 1.4 (Host Header) Remote Format String DoS Exploit
3704| [9652] Oracle Secure Backup Server 10.3.0.1.0 Auth Bypass/RCI Exploit
3705| [9650] Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #2
3706| [9649] Xerver HTTP Server 4.32 Arbitrary Source Code Disclosure Vuln
3707| [9644] Kolibri+ Webserver 2 (GET Request) Remote SEH Overwrite Exploit
3708| [9643] kolibri+ webserver 2 - Directory Traversal vulnerability
3709| [9638] Kolibri+ Webserver 2 Remote Source Code Disclosure Vulnerability
3710| [9621] Kolibri+ Webserver 2 (Get Request) Denial of Service Vulnerability
3711| [9587] Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service
3712| [9571] Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability
3713| [9559] Microsoft IIS 5.0 FTP Server Remote Stack Overflow Exploit (win2k sp4)
3714| [9547] SolarWinds TFTP Server <= 9.2.0.111 - Remote DoS Exploit
3715| [9541] Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k)
3716| [9500] NaviCopa Web Server 3.01 Remote Buffer Overflow Exploit
3717| [9478] HTTP SERVER (httpsv) 1.6.2 (GET 404) Remote Denial of Service Exploit
3718| [9468] ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote BOF Exploit
3719| [9271] Inout Adserver (id) Remote SQL injection Vulnerability
3720| [9175] Sguil/PADS Remote Server Crash Vulnerability
3721| [9096] Sun One WebServer 6.1 JSP Source Viewing Vulnerability
3722| [9093] windows live messenger plus! fileserver 1.0 - Directory Traversal vuln
3723| [9031] Bopup Communications Server (3.2.26.5460) Remote BOF Exploit (SEH)
3724| [9020] AlumniServer 1.0.1 (resetpwemail) Blind SQL Injection Exploit
3725| [9019] AlumniServer 1.0.1 (Auth Bypass) SQL Injection Vulnerability
3726| [9002] Bopup Communications Server 3.2.26.5460 Remote SYSTEM Exploit
3727| [8991] Multiple HTTP Server Low Bandwidth Denial of Service #2
3728| [8976] Multiple HTTP Server Low Bandwidth Denial of Service (slowloris.pl)
3729| [8916] Free Download Manager 2.5/3.0 (Control Server) Remote BOF Exploit
3730| [8897] httpdx <= 0.8 FTP Server Delete/Get/Create Directories/Files Exploit
3731| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
3732| [8732] httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH)
3733| [8721] Zervit Webserver 0.04 (GET Request) Remote Buffer Overflow PoC
3734| [8716] httpdx <= 0.5b FTP Server (USER) Remote BOF Exploit (SEH)
3735| [8666] zervit webserver 0.4 - Directory Traversal / memory corruption PoC
3736| [8650] TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit
3737| [8606] Quick 'n Easy Mail Server 3.3 (Demo) Remote Denial of Service PoC
3738| [8564] Baby Web Server 2.7.2.0 Arbitrary File Disclosure Exploit
3739| [8561] Quick 'n Easy Web Server 3.3.5 Arbitrary File Disclosure Exploit
3740| [8554] Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit
3741| [8542] Icewarp Merak Mail Server 9.4.1 Base64FileEncode() BOF PoC
3742| [8525] Dream FTP Server 1.02 (users.dat) Arbitrary File Disclosure Exploit
3743| [8524] Home Web Server <= r1.7.1 (build 147) Gui Thread-Memory Corruption
3744| [8522] Zervit HTTP Server <= 0.3 (sockets++ crash) Remote Denial of Service
3745| [8518] Femitter FTP Server 1.03 Arbitrary File Disclosure Exploit
3746| [8511] Xitami Web Server <= 5.0 - Remote Denial of Service Exploit
3747| [8500] Zervit Webserver 0.3 - Remote Denial of Service Exploit
3748| [8463] Zervit Webserver 0.02 Remote Directory Traversal Vulnerability
3749| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
3750| [8447] Zervit Webserver 0.02 Remote Buffer Overflow PoC
3751| [8428] MonGoose 2.4 Webserver Directory Traversal Vulnerability (win)
3752| [8392] Chance-i DiViS DVR System Web-server Directory Traversal Vulnerability
3753| [8368] peterConnects Web Server Traversal Arbitrary File Access Vulnerability
3754| [8333] Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns
3755| [8310] Sami HTTP Server 2.x (HEAD) Remote Denial of Service Exploit
3756| [8294] XM Easy Personal FTP Server <= 5.7.0 (NLST) DoS Exploit
3757| [8283] Femitter FTP Server 1.x Multiple Vulnerabilities (post auth)
3758| [8273] Telnet-Ftp Service Server 1.x - Multiple Vulnerabilities (Post Auth)
3759| [8256] Sysax Multi Server 4.3 - Remote Arbitrary Delete Files Exploit
3760| [8247] Hannon Hill Cascade Server Command Execution Vulnerability (post auth)
3761| [8245] SW-HTTPD Server 0.x Remote Denial of Service Exploit
3762| [8200] GuildFTPd FTP Server 0.999.14 Remote Delete Files Exploit
3763| [8190] IBM Director <= 5.20.3su2 CIM Server Remote DoS Vulnerability
3764| [8155] Easy File Sharing Web Server 4.8 File Disclosure Vulnerability
3765| [8154] EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl)
3766| [8149] EFS Easy Chat Server - (CSRF) Change Admin Pass Vulnerability
3767| [8142] EFS Easy Chat Server Authentication Request BOF Exploit (SEH)
3768| [8087] i-dreams GB Server (admin.dat) File Disclosure Vulnerability
3769| [8041] GeoVision Digital Video Surveillance System (geohttpserver) DT Vuln
3770| [7966] navicopa webserver 3.0.1 (bof/sd) Multiple Vulnerabilities
3771| [7852] FTPShell Server 4.3 (licence key) Remote Buffer Overflow PoC
3772| [7845] AXIS 70U Network Document Server Privilege Escalation/XSS
3773| [7756] Nofeel FTP Server 3.6 (CWD) Remote Memory Consumption Exploit
3774| [7617] SasCam WebCam Server 2.6.5 ActiveX Remote BOF Exploit
3775| [7501] Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit
3776| [7452] ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit
3777| [7355] NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln
3778| [7352] Merlix Teamworx Server (DD/Bypass) Multiple Remote Vulns
3779| [7348] merlix educate servert (bypass/dd) Multiple Vulnerabilities
3780| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
3781| [7148] Ultrastats 0.2.144/0.3.11 (index.php serverid) SQL Injection Vulnerability
3782| [7132] MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)
3783| [7104] MS Windows Server Service Code Execution Exploit (MS08-067)
3784| [7075] Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities
3785| [7012] hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities
3786| [6926] FTP Now 2.6 Server Response Remote Crash PoC
3787| [6877] Pro Traffic One (poll_results.php id) Remote SQL Injection Vulnerability
3788| [6874] Harlandscripts Pro Traffic One (mypage.php) SQL Injection Vulnerability
3789| [6841] MS Windows Server Service Code Execution Exploit (MS08-067) (Univ)
3790| [6838] PumpKIN TFTP Server 2.7.2.0 - Denial of Service Exploit (meta)
3791| [6824] MS Windows Server Service Code Execution PoC (MS08-067)
3792| [6753] Titan FTP server 6.26 build 630 Remote Denial of Service Exploit
3793| [6752] Eserv 3.x FTP Server (ABOR) Remote Stack Overflow PoC
3794| [6741] XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service Exploit
3795| [6719] NoticeWare E-mail Server 5.1.2.2 (POP3) Pre-Auth DoS Exploit
3796| [6581] WinFTP Server 2.3.0 (NLST) Denial of Service Exploit
3797| [6559] Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities
3798| [6481] Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC
3799| [6458] The Personal FTP Server 6.0f RETR Denial of Service Exploit
3800| [6387] CitectSCADA ODBC Server Remote Stack Buffer Overflow Exploit (meta)
3801| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
3802| [6155] Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)
3803| [6151] velocity web-server 1.0 - Directory Traversal file download vulnerability
3804| [6118] IntelliTamper 2.07 (server header) Remote Code Execution Exploit
3805| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
3806| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
3807| [6077] WinRemotePC Full+Lite 2008 r.2server Denial of Service Exploit
3808| [6012] CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit
3809| [5563] TFTP Server for Windows 1.4 ST Remote BSS Overflow Exploit
3810| [5451] BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
3811| [5438] XM Easy Personal FTP Server 5.4.0 (XCWD) Denial of Service Exploit
3812| [5427] Borland InterBase 2007 - ibserver.exe Buffer Overflow PoC
3813| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
3814| [5354] Xitami Web Server 2.5c2 - LRWP Processing Format String PoC
3815| [5341] Noticeware Email Server 4.6.1.0 - Denial of Service Exploit
3816| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
3817| [5314] TFTP Server for Windows 1.4 ST Buffer Overflow Exploit (0day)
3818| [5270] Home FTP Server 1.4.5 - Remote Denial of Service Exploit
3819| [5248] MDaemon IMAP server 9.6.4 (FETCH) Remote Buffer Overflow Exploit
3820| [5228] acronis pxe server 2.0.0.1076 - Directory Traversal / null pointer vulns
3821| [5210] Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) DoS Exploit
3822| [5184] MyServer 0.8.11 (204 No Content) error Remote Denial of Service Exploit
3823| [5152] X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
3824| [5151] Apple iPhoto 4.0.3 DPAP Server Denial of Service Exploit
3825| [5150] Thecus N5200Pro NAS Server Control Panel RFI Vulnerability
3826| [5106] Citrix Presentation Server Client WFICA.OCX ActiveX - Heap BOF Exploit
3827| [5044] IpSwitch WS_FTP Server with SSH 6.1.0.0 - Remote Buffer Overflow PoC
3828| [5036] Titan FTP Server 6.03 (USER/PASS) Remote Heap Overflow PoC
3829| [4878] McAfee E-Business Server Remote pre-auth Code Execution / DoS PoC
3830| [4873] Microsoft FoxServer (vfp6r.dll 6.0.8862.0) ActiveX Command Execution
3831| [4856] Half-Life CSTRIKE Server 1.6 - Denial of Service Exploit (no-steam)
3832| [4744] rooter VDSL Device (Goahead WEBSERVER) Disclosure Vulnerability
3833| [4734] Anon Proxy Server 0.1000 Remote Command Execution Vulnerability
3834| [4699] firefly media server (mt-daapd) 2.4.1 / svn 1699 - Multiple Vulnerabilities
3835| [4600] Firefly Media Server <= 0.2.4 - Remote Denial of Service Exploit
3836| [4574] IBM Lotus Domino 7.0.2FP1 IMAP4 Server LSUB Command Exploit
3837| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
3838| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
3839| [4541] Half-Life Server 3.1.1.0 - Remote Buffer Overflow Exploit
3840| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
3841| [4514] Eggdrop Server Module Message Handling Remote BoF Exploit
3842| [4450] Xitami Web Server 2.5 (If-Modified-Since) Remote BoF Exploit (0day)
3843| [4438] IPSwitch IMail Server 8.0x Remote Heap Overflow Exploit
3844| [4430] Streamline PHP Media Server 1.0-beta4 RFI Vulnerability
3845| [4403] JetCast Server 2.0.0.4308 Remote Denial of Service Exploit
3846| [4398] Microsoft SQL Server Distributed Management Objects BoF Exploit
3847| [4379] Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF
3848| [4367] Trend Micro ServerProtect eng50.dll - Remote Stack Overflow Exploit
3849| [4362] Web Oddity Web Server 0.09b Directory Transversal Exploit
3850| [4344] Hexamail Server 3.0.0.001 (pop3) pre-auth Remote Overflow PoC
3851| [4328] Postcast Server Pro 3.0.61 / Quiksoft EasyMail (emsmtp.dll 6.0.1) BoF
3852| [4315] SIDVault LDAP Server Preauth Remote Buffer Overflow Exploit
3853| [4289] Easy Chat Server 2.2 - Remote Denial of Service Exploit
3854| [4234] mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Data Write/Code Execution
3855| [4228] IPSwitch IMail Server 2006 9.10 SUBSCRIBE Remote Overflow Exploit
3856| [4223] IPSwitch IMail Server 2006 SEARCH Remote Stack Overflow Exploit
3857| [4219] Confixx Pro <= 3.3.1 - (saveserver.php) Remote File Inclusion Vulnerability
3858| [4216] Xserver 0.1 Alpha Post Request Remote Buffer Overflow Exploit
3859| [4207] Lotus Domino IMAP4 Server 6.5.4 - Remote Buffer Overflow Exploit
3860| [4187] Traffic Stats (referralUrl.php offset) Remote SQL Injection Vulnerbility
3861| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
3862| [4100] phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability
3863| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
3864| [4075] YourFreeScreamer 1.0 (serverPath) Remote File Inclusion Vulnerability
3865| [4046] MiniWeb Http Server 0.8.x Remote Denial of Service Exploit
3866| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
3867| [3815] Fenice OMS server 1.10 Remote Buffer Overflow Exploit (exec-shield)
3868| [3715] Sami HTTP Server 2.0.1 POST Request Denial of Service Exploit
3869| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
3870| [3675] FileCOPA FTP Server <= 1.01 (LIST) Remote Buffer Overflow Exploit (2)
3871| [3674] Wserve HTTP Server 4.6 (Long Directory Name) Denial of Service Exploit
3872| [3649] Ipswitch WS_FTP 5.05 Server Manager Local Site Buffer Overflow Exploit
3873| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
3874| [3622] WinMail Server 4.4 build 1124 (WebMail) Remote Add Super User Exploit
3875| [3616] IBM Lotus Domino Server 6.5 PRE AUTH Remote Exploit
3876| [3602] IBM Lotus Domino Server 6.5 (username) Remote Denial of Service Exploit
3877| [3589] NaviCOPA Web Server 2.01 Remote Buffer Overflow Exploit (meta)
3878| [3579] Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (Win2K SP4)
3879| [3544] Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit
3880| [3541] FutureSoft TFTP Server 2000 Remote SEH Overwrite Exploit
3881| [3531] Helix Server 11.0.1 - Remote Heap Overflow Exploit (win2k SP4)
3882| [3461] TFTP Server 1.3 - Remote Buffer Overflow Denial of Service Exploit
3883| [3444] MS Internet Explorer (FTP Server Response) DoS Exploit (MS07-016)
3884| [3432] TFTPDWIN Server 0.4.2 (UDP) Denial of Service Exploit
3885| [3418] Mercury/32 Mail Server <= 4.01b (check) Buffer Overflow Exploit PoC
3886| [3385] XM Easy Personal FTP Server 5.30 (ABOR) Format String DoS Exploit
3887| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
3888| [3329] Axigen eMail Server 2.0.0b2 (pop3) Remote Format String Exploit
3889| [3291] SAP Web Application Server 6.40 Arbitrary File Disclosure Exploit
3890| [3248] CA BrightStor ARCserve 11.5.2.0 (catirpc.dll) RPC Server DoS Exploit
3891| [3244] CA BrightStor ARCserve (lgserver.exe) Remote Stack Overflow Exploit
3892| [3209] Xt-Stats 2.4.0.b3 (server_base_dir) - Remote File Include (RFI) Vulnerability
3893| [3204] Citrix Metaframe Presentation Server Print Provider Buffer Overflow PoC
3894| [3182] Sami HTTP Server 2.0.1 (HTTP 404 - Object not found) DoS Exploit
3895| [3140] Sami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow Exploit
3896| [3138] Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit
3897| [3127] Sami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow PoC
3898| [3126] WFTPD Pro Server <= 3.25 SITE ADMN Remote Denial of Service Exploit
3899| [3113] Jshop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability
3900| [3107] FileCOPA FTP Server <= 1.01 (LIST) Remote BoF Exploit (meta)
3901| [3093] AllMyGuests <= 0.3.0 (AMG_serverpath) Remote Inclusion Vulnerabilities
3902| [3092] NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit meta
3903| [3063] Formbankserver 1.9 (Name) Directory Transversal Vulnerability
3904| [3056] Formbankserver 1.9 (Name) Remote Denial of Service Exploit
3905| [3038] Durian Web Application Server 3.02 Denial of Service Exploit
3906| [3037] Durian Web Application Server 3.02 Remote Buffer Overflow Exploit
3907| [3034] AIDeX Mini-WebServer <= 1.1 - Remote Denial of Service Crash Exploit
3908| [2985] acFTP FTP Server 1.5 (REST/PBSZ) Remote Denial of Service Exploit
3909| [2978] XM Easy Personal FTP Server 5.2.1 (USER) Format String DoS Exploit
3910| [2974] Http explorer Web Server 1.02 Directory Transversal Vulnerability
3911| [2972] DREAM FTP Server 1.0.2 (PORT) Remote Denial of Service Exploit
3912| [2961] Hewlett-Packard FTP Print Server <= 2.4.5 - Buffer Overflow (PoC)
3913| [2952] WinFtp Server 2.0.2 (PASV) Remote Denial of Service Exploit
3914| [2942] Star FTP Server 1.10 (RETR) Remote Denial of Service Exploit
3915| [2934] Sambar FTP Server 6.4 (SIZE) Remote Denial of Service Exploit
3916| [2926] Crob FTP Server 3.6.1 build 263 (LIST/NLST) Denial of Service Exploit
3917| [2916] Golden FTP server 1.92 (USER/PASS) Heap Overflow PoC
3918| [2914] Filezilla FTP Server <= 0.9.21 (LIST/NLST) Denial of Service Exploit
3919| [2901] Filezilla FTP Server 0.9.20b/0.9.21 (STOR) Denial of Service Exploit
3920| [2878] ContentServ 4.x - (admin/FileServer.php) File Disclosure Vulnerability
3921| [2734] WFTPD Pro Server 3.23.1.1 (APPE) Remote Buffer Overflow PoC
3922| [2729] Omni-NFS Server 5.2 (nfsd.exe) Remote Stack Overflow Exploit (meta)
3923| [2716] Essentia Web Server 2.15 (GET Request) Remote DoS Exploit
3924| [2715] XM Easy Personal FTP Server <= 5.2.1 - Remote Denial of Service Exploit
3925| [2699] EFS Easy Address Book Web Server <= 1.2 - Remote File Stream Exploit
3926| [2690] Easy File Sharing Web Server 4 Remote Information Stealer Exploit
3927| [2671] Novell eDirectory 8.8 NDS Server Remote Stack Overflow Exploit
3928| [2651] MiniHttpServer Web Forum & File Sharing Server 4.0 Add User Exploit
3929| [2650] RevilloC MailServer 1.x (RCPT TO) Remote Denial of Service Exploit
3930| [2601] Ipswitch IMail Server 2006 / 8.x (RCPT) Remote Stack Overflow Exploit
3931| [2445] NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit
3932| [2405] AllMyGuests <= 0.4.1 (cfg_serverpath) Remote File Include Vulnerability
3933| [2367] Mambo com_serverstat Component <= 0.4.4 File Include Vulnerability
3934| [2345] Mercur Mailserver 5.0 SP3 (IMAP) Remote Buffer Overflow Exploit (2)
3935| [2318] Web Server Creator 0.1 - (l) Remote Include Vulnerability
3936| [2258] MDaemon POP3 Server < 9.06 (USER) Remote Heap Overflow Exploit
3937| [2245] MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC
3938| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
3939| [2234] Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (PoC)
3940| [2079] eIQnetworks ESA (Syslog Server) Remote Buffer Overflow Exploit
3941| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
3942| [2047] FileCOPA FTP Server <= 1.01 (LIST) Remote Buffer Overflow Exploit
3943| [1976] Quake 3 Engine Client CG_ServerCommand() Remote Overflow Exploit
3944| [1949] XM Easy Personal FTP Server 5.0.1 (Port) Remote Overflow PoC
3945| [1924] Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure
3946| [1860] Bytehoard 2.1 (server.php) Remote File Include Vulnerability
3947| [1820] netPanzer 0.8 rev 952 (frameNum) Server Terminiation Exploit
3948| [1767] ActualAnalyzer Server <= 8.23 (rf) Remote File Include Vulnerability
3949| [1757] acFTP FTP Server <= 1.4 (USER) Remote Denial of Service Exploit
3950| [1754] FileCOPA FTP Server <= 1.01 (USER) Remote Pre-Auth DoS
3951| [1749] acFTP FTP Server <= 1.4 (USER) Remote Buffer Overflow PoC
3952| [1748] XM Easy Personal FTP Server <= 4.3 (USER) Remote Buffer Overflow PoC
3953| [1743] Golden FTP Server Pro 2.70 (APPE) Remote Buffer Overflow PoC
3954| [1739] Darwin Streaming Server <= 4.1.2 (parse_xml.cgi) Code Execution Exploit
3955| [1721] BL4 SMTP Server < 0.1.5 - Remote Buffer Overflow PoC
3956| [1681] Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit
3957| [1680] Symantec Sygate Management Server (login) SQL Injection Exploit
3958| [1679] Novell Messenger Server 2.0 (Accept-Language) Remote Overflow Exploit
3959| [1652] ADODB < 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection Exploit
3960| [1593] Mercur Mailserver 5.0 SP3 (IMAP) Denial of Service Exploit
3961| [1592] Mercur Mailserver 5.0 SP3 (IMAP) Remote Buffer Overflow Exploit
3962| [1582] crossfire-server <= 1.9.0 SetUp() Remote Buffer Overflow Exploit
3963| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
3964| [1565] RevilloC MailServer 1.21 (USER) Remote Buffer Overflow Exploit PoC
3965| [1558] LieroX <= 0.62b Remote Server/Client Denial of Service Exploit
3966| [1552] XM Easy Personal FTP Server 1.0 (Port) Remote Overflow PoC
3967| [1531] ArGoSoft FTP Server <= 1.4.3.5 - Remote Buffer Overflow PoC
3968| [1483] Half-Life CSTRIKE Server <= 1.6 (non steam) Denial of Service Exploit
3969| [1463] SoftiaCom WMailserver 1.0 SMTP Remote Buffer Overflow Exploit (meta)
3970| [1462] Sami FTP Server 2.0.1 - Remote Buffer Overflow Exploit (cpp)
3971| [1455] Oracle Database Server 9i/10g (XML) Buffer Overflow Exploit
3972| [1452] Sami FTP Server 2.0.1 - Remote Buffer Overflow Exploit (meta)
3973| [1448] Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow PoC
3974| [1422] Cerberus FTP Server <= 2.32 Denial of Service Exploit
3975| [1402] SCO Openserver 5.0.7 (termsh) Local Privilege Escalation Exploit
3976| [1381] Golden FTP Server <= 1.92 (APPE) Remote Overflow Exploit (meta)
3977| [1375] Mercury Mail Transport System 4.01b Remote Exploit (PH SERVER)
3978| [1373] Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit
3979| [1371] Macromedia Flash Media Server 2 Remote Denial of Service Exploit
3980| [1336] FileZilla Server Terminal 0.9.4d Buffer Overflow PoC
3981| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
3982| [1287] GO-Global Windows Server <= 3.1.0.3270 Buffer Overflow (PoC)
3983| [1282] Blitzkrieg 2 <= 1.21 - (server/client) Denial of Service Exploit
3984| [1259] HP-UX FTP Server Preauthentication Directory Listing Exploit (meta)
3985| [1252] MuOnline Loopholes Web Server (pkok.asp) SQL Injection Exploit
3986| [1251] TYPSoft FTP Server <= 1.11 (RETR) Denial of Service Vulnerability
3987| [1235] MultiTheftAuto 0.5 patch 1 Server Crash and MOTD Deletion Exploit
3988| [1220] Fastream NETFile Web Server <= 7.1.2 (HEAD) DoS Exploit
3989| [1196] CUPS Server <= 1.1 (Get Request) Denial of Service Exploit
3990| [1193] Free SMTP Server <= 2.2 Spam Filter Vulnerability
3991| [1184] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
3992| [1178] MS Windows IIS 5.0 (500-100.asp) Server Name Spoof Exploit
3993| [1166] Inframail Advantage Server Edition 6.0 <= 6.37 - (FTP) BoF Exploit
3994| [1165] Inframail Advantage Server Edition 6.0 <= 6.37 - (SMTP) BoF Exploit
3995| [1163] IA eMailServer Corporate Edition Version <= 5.2.2 - DoS Exploit
3996| [1162] GoodTech SMTP Server <= 5.14 Denial of Service Exploit
3997| [1160] Golden FTP Server Pro <= 2.52 (USER) Remote Buffer Overflow Exploit
3998| [1159] Mercury/32 Mail Server <= 4.01a (check) Buffer Overflow Exploit
3999| [1158] WS_FTP Server <= 5.03 (RNFR) Buffer Overflow Exploit
4000| [1150] ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
4001| [1129] Quick 'n EasY <= 3.0 FTP Server Remote Denial of Service Exploit
4002| [1127] ProRat Server <= 1.9 (Fix-2) Buffer Overflow Crash Exploit
4003| [1126] BusinessMail Server <= 4.60.00 Remote Denial of Service Exploit
4004| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
4005| [1121] FTPshell Server <= 3.38 Remote Denial of Service Exploit
4006| [1108] Small HTTP Server <= 3.05.28 Arbitrary Data Execution Exploit
4007| [1107] Remote Control Server 1.6.2 - Denial of Service Exploit
4008| [1101] wMailServer 1.0 - Remote Denial of Service Exploit
4009| [1099] Baby Web Server <= 2.6.2 Command Validation Exploit
4010| [1094] AnalogX SimpleServer:WWW <= 1.05 Denial of Service Exploit
4011| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
4012| [1047] ViRobot Advanced Server 2.0 (addschup) Remote Cookie Exploit
4013| [1035] IPSwitch IMAP Server LOGON Remote Stack Overflow
4014| [1028] Crob FTP Server <= 3.6.1 - Remote Stack Overflow Exploit
4015| [1027] FutureSoft TFTP Server 2000 Remote Denial of Service Exploit
4016| [981] dSMTP Mail Server 3.1b Linux Remote Root Format String Exploit
4017| [978] Ashley's Web Server Denial of Service Exploit
4018| [975] GlobalScape Secure FTP Server 3.0 - Buffer Overflow Exploit
4019| [971] BulletProof FTP Server 2.4.0.31 Local Privilege Escalation Exploit
4020| [969] Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (3rd)
4021| [968] Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (2nd)
4022| [967] Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit
4023| [949] PMsoftware Simple Web Server 1.0 - Remote Stack Overflow Exploit
4024| [947] MS Exchange Server Remote Code Execution Exploit (MS05-021)
4025| [945] PMSoftware Simple Web Server (GET Request) Remote BoF Exploit
4026| [932] Oracle Database Server <= 10.1.0.2 - Buffer Overflow Exploit
4027| [908] ArGoSoft FTP Server <= 1.4.2.8 - Denial of Service Exploit
4028| [899] SPECTral Personal SMTP Server <= 0.4.2 - Denial of Service Exploit
4029| [893] Ocean FTP Server 1.00 Denial of Service Exploit
4030| [891] MCPWS Personal WebServer <= 1.3.21 Denial of Service Exploit
4031| [883] GoodTech Telnet Server < 5.0.7 - Remote BoF Exploit (updated)
4032| [882] GoodTech Telnet Server < 5.0.7 - Buffer Overflow Crash Exploit
4033| [880] Freeciv Server <= 2.0.0beta8 Denial of Service Exploit
4034| [859] CA License Server (GETCONFIG) Remote Buffer Overflow Exploit (c)
4035| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
4036| [849] Scrapland <= 1.0 Server Termination Denial of Service Exploit
4037| [847] BadBlue 2.55 Web Server Remote Buffer Overflow
4038| [841] "Soldier of Fortune 2 <= 1.03 ""cl_guid"" - Server Crash"
4039| [828] Knox Arkeia Server Backup 5.3.x Remote Root Exploit
4040| [826] Medal of Honor Spearhead Server Remote Buffer Overflow (Linux)
4041| [825] 3Com Ftp Server 2.0 - Remote Overflow Exploit
4042| [819] Savant Web Server 3.1 - Remote BoF (French Win OS support)
4043| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
4044| [810] Armagetron Advanced <= 0.2.7.0 Server Crash Exploit
4045| [799] Mac OS X AppleFileServer Remote Denial of Service Exploit
4046| [794] 3CServer 1.1 FTP Server Remote Exploit
4047| [787] Savant Web Server 3.1 - Remote Buffer OverflowExploit (win2003)
4048| [781] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
4049| [780] Xpand Rally <= 1.0.0.0 (Server/Clients) Crash Exploit
4050| [767] Golden FTP Server <= 2.02b Remote Buffer Overflow Exploit
4051| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
4052| [693] Ability Server <= 2.34 Remote APPE Buffer Overflow Exploit
4053| [667] Jana Server <= 2.4.4 (http/pna) Denial of Service Exploit
4054| [664] WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit
4055| [658] MailEnable Mail Server IMAP <= 1.52 Remote Buffer Overflow Exploit
4056| [653] Soldier of Fortune II <= 1.3 Server/Client Denial of Service Exploit
4057| [644] DMS POP3 Server 1.5.3 build 37 - Buffer Overflow Exploit
4058| [628] NetNote Server <= 2.2 build 230 - Crafted String DoS Exploit
4059| [625] WinFTP Server 1.6 - Denial of Service Exploit
4060| [618] Ability Server 2.34 FTP STOR Buffer Overflow Exploit (Unix Exploit)
4061| [611] chesapeake tftp server 1.0 - Directory Traversal and DoS PoC exploit
4062| [602] SCO Openserver 5.0.7 (MMDF deliver) Local Root Exploit
4063| [594] BaSoMail Server 1.24 POP3/SMTP Remote Denial of Service Exploit
4064| [593] Quick 'n EasY VER 2.4 Ftp Server remote D.o.S
4065| [592] Ability Server <= 2.34 (APPE) Remote Buffer Overflow Exploit
4066| [588] Ability Server 2.34 FTP STOR Buffer Overflow
4067| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
4068| [583] SLX Server 6.1 Arbitrary File Creation Exploit (PoC)
4069| [551] MyServer 0.7.1 (POST) Denial of Service Exploit
4070| [471] Emulive Server4 7560 Remote Denial of Service Exploit
4071| [468] Pigeon Server <= 3.02.0143 Denial of Service Exploit
4072| [466] htpasswd Apache 1.3.31 - Local Exploit
4073| [439] BlackJumboDog FTP Server 3.6.1 - Remote Buffer Overflow Exploit
4074| [429] Ground Control <= 1.0.0.7 (Server/Client) Denial of Service Exploit
4075| [428] CesarFTP Server Long Command Denial of Service Exploit
4076| [427] WFTPD Pro Server 3.21 MLST Remote Denial of Service Exploit
4077| [426] TiTan FTP Server Long Command Heap Overflow PoC Exploit
4078| [423] Easy File Sharing Webserver 1.25 Denial of Service Exploit
4079| [419] BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit
4080| [401] IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility
4081| [391] Mac OS X <= 10.3.3 AppleFileServer Remote Root Overflow Exploit
4082| [382] Melange Chat Server 1.10 Remote Buffer Overflow Exploit
4083| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
4084| [362] Xitami Web Server Denial of Service Exploit
4085| [361] Flash FTP Server Directory Traversal
4086| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
4087| [358] Lexmark Multiple HTTP Servers Denial of Service Vulnerability
4088| [356] OverByte ICS FTP Server Remote Denial of Service Exploit
4089| [288] Progress Database Server 8.3b (prodb) Local Root Exploit
4090| [263] Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Exploit
4091| [261] SCO OpenServer 5.0.5 Env Local Stack Overflow Exploit
4092| [228] Oops! 1.4.6 (one russi4n proxy-server) Heap Buffer Overflow Exploit
4093| [165] WS_FTP Server <= 4.0.2 ALLO Remote Buffer Overflow Exploit
4094| [161] Red Faction <= 1.20 Server Reply Remote Buffer Overflow Exploit
4095| [159] WFTPD Server <= 3.21 Remote Buffer Overflow Exploit
4096| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
4097| [127] Opera 7.22 - File Creation and Execution Exploit (Webserver)
4098| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
4099| [121] MS Frontpage Server Extensions fp30reg.dll Exploit (MS03-051)
4100| [116] NIPrint LPD-LPR Print Server <= 4.10 Remote Exploit
4101| [96] 4D WebSTAR FTP Server Suite Remote Buffer Overflow Exploit
4102| [94] MyServer 0.4.3 DoS
4103| [90] eMule/xMule/LMule OP_SERVERMESSAGE Format String Exploit
4104| [86] Real Server 7/8/9 Remote Root Exploit (Windows & Linux)
4105| [81] MS Windows 2000 RSVP Server Authority Hijacking PoC Exploit
4106| [79] DameWare Mini Remote Control Server SYSTEM Exploit
4107| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
4108| [65] MS Windows SQL Server Denial of Service Remote Exploit (MS03-031)
4109| [46] Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit
4110| [42] Winmail Mail Server 2.3 - Remote Format String Exploit
4111| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
4112| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
4113| [23] Real Server < 8.0.2 - Remote Exploit (Windows Platforms)
4114| [17] Xeneo Web Server 2.2.9.0 - Denial of Service Exploit
4115| [13] Chindi Server 1.0 - Denial of Service Exploit
4116| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
4117|
4118| OpenVAS (Nessus) - http://www.openvas.org:
4119| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
4120| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4121| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
4122| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
4123| [835253] HP-UX Update for Apache Web Server HPSBUX02645
4124| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
4125| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
4126| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
4127| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
4128| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
4129| [802704] Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability
4130| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
4131| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
4132| [103122] Apache Web Server ETag Header Information Disclosure Weakness
4133| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
4134| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
4135| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
4136| [71291] FreeBSD Ports: trafficserver
4137| [10678] Apache /server-info accessible
4138| [10677] Apache /server-status accessible
4139|
4140| SecurityTracker - https://www.securitytracker.com:
4141| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
4142| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
4143| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
4144| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
4145| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
4146| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
4147| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
4148| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
4149| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
4150| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
4151| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
4152| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
4153| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
4154| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
4155| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
4156| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
4157| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
4158| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
4159| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
4160| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
4161| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
4162| [1006755] Inktomi Traffic Server Input Validation Flaw Lets Remote Users Execute Scripting Code in Arbitrary Security Domains
4163| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
4164| [1006533] Microsoft Firewall Service in ISA Server Has Unspecified Flaw That Lets Remote Users Stop Traffic
4165| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
4166| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
4167| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
4168| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
4169| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
4170| [1005472] IBM Web Traffic Express Caching Proxy Server Allows Cross-Site Scripting Attacks
4171| [1005471] IBM Web Traffic Express Caching Proxy Server Can Be Crashed By Remote Users
4172| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
4173| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
4174| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
4175| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
4176| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
4177| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
4178| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
4179| [1004691] Inktomi Traffic Edge Caching Server Buffer Overflow Lets Local Users Execute Arbitrary Code with Root Privileges
4180| [1004690] Inktomi Traffic Server Network Cache Buffer Overflow Lets Local Users Execute Arbitrary Code with Root Privileges
4181| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
4182| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
4183| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
4184| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
4185| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
4186| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
4187| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
4188| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
4189| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
4190| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
4191| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
4192| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
4193| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
4194| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
4195| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
4196| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
4197| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
4198| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
4199| [1001492] A1-Stats Web Server Traffic Monitoring Statistics Package Lets Remote Users View Files Anywhere on the Server and Overwrite the Contents of Some Existing Files
4200| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
4201| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
4202|
4203| OSVDB - http://www.osvdb.org:
4204| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
4205| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
4206| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
4207| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
4208| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
4209| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
4210| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
4211| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
4212| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
4213| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
4214| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
4215| [91082] IBM WebSphere Application Server (WAS) Plug-in WebSphere App Traffic IHS DoS
4216| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
4217| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
4218| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
4219| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
4220| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
4221| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
4222| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
4223| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
4224| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
4225| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
4226| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
4227| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
4228| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
4229| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
4230| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
4231| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
4232| [79879] NetDecision Traffic Grapher Server Web Request Parsing Traversal Arbitrary File Access
4233| [79652] NetDecision Traffic Grapher Server Web Request GET Header Parsing NetDecision Script File Source Code Disclosure
4234| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
4235| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
4236| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
4237| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
4238| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
4239| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
4240| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
4241| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
4242| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
4243| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
4244| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
4245| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
4246| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
4247| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
4248| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
4249| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
4250| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
4251| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
4252| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
4253| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
4254| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
4255| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
4256| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
4257| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
4258| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
4259| [63895] Apache HTTP Server mod_headers Unspecified Issue
4260| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
4261| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
4262| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
4263| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
4264| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
4265| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
4266| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
4267| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
4268| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
4269| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
4270| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
4271| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
4272| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
4273| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
4274| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
4275| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
4276| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
4277| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
4278| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
4279| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
4280| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
4281| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
4282| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
4283| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
4284| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
4285| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
4286| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
4287| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
4288| [52598] IBM WebSphere Application Server (WAS) Unspecified SSL Traffic Routing Weakness
4289| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
4290| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
4291| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
4292| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
4293| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
4294| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
4295| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
4296| [45688] Cisco Cisco Service Control Engine (SCE) SSH Server Management Interface Traffic Remote DoS
4297| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
4298| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
4299| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
4300| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
4301| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
4302| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
4303| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
4304| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
4305| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
4306| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
4307| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
4308| [40522] Alcatel-Lucent OmniPCX Enterprise Communications Server IP Fixation Remote VoIP Traffic Disclosure
4309| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
4310| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
4311| [40262] Apache HTTP Server mod_status refresh XSS
4312| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
4313| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
4314| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
4315| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
4316| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
4317| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
4318| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
4319| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
4320| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
4321| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
4322| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
4323| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
4324| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
4325| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
4326| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
4327| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
4328| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
4329| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
4330| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
4331| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
4332| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
4333| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
4334| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
4335| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
4336| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
4337| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
4338| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
4339| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
4340| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
4341| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
4342| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
4343| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
4344| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
4345| [20285] Apache HTTP Server Log File Control Character Injection
4346| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
4347| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
4348| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
4349| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
4350| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
4351| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
4352| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
4353| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
4354| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
4355| [18233] Apache HTTP Server htdigest user Variable Overfow
4356| [17738] Apache HTTP Server HTTP Request Smuggling
4357| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
4358| [16586] Apache HTTP Server Win32 GET Overflow DoS
4359| [16014] IBM Web Traffic Express Caching Proxy Server HTTP GET Request XSS
4360| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
4361| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
4362| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
4363| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
4364| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
4365| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
4366| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
4367| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
4368| [12848] Apache HTTP Server htdigest realm Variable Overflow
4369| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
4370| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
4371| [12557] Apache HTTP Server prefork MPM accept Error DoS
4372| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
4373| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
4374| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
4375| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
4376| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
4377| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
4378| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
4379| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
4380| [10068] Apache HTTP Server htpasswd Local Overflow
4381| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
4382| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
4383| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
4384| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
4385| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
4386| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
4387| [9717] Apache HTTP Server mod_cookies Cookie Overflow
4388| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
4389| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
4390| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
4391| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
4392| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
4393| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
4394| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
4395| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
4396| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
4397| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
4398| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
4399| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
4400| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
4401| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
4402| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
4403| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
4404| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
4405| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
4406| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
4407| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
4408| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
4409| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
4410| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
4411| [9225] IBM Web Traffic Express Caching Proxy Server Location: Header XSS
4412| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
4413| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
4414| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
4415| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
4416| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
4417| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
4418| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
4419| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
4420| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
4421| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
4422| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
4423| [7611] Apache HTTP Server mod_alias Local Overflow
4424| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
4425| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
4426| [6795] Inktomi Traffic-Server MiTM XSS
4427| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
4428| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
4429| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
4430| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
4431| [5030] Inktomi Traffic Server traffic_manager Overflow
4432| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
4433| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
4434| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
4435| [4553] Apache HTTP Server ApacheBench Overflow DoS
4436| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
4437| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
4438| [4383] Apache HTTP Server Socket Race Condition DoS
4439| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
4440| [4231] Apache Cocoon Error Page Server Path Disclosure
4441| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
4442| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
4443| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
4444| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
4445| [3322] mod_php for Apache HTTP Server Process Hijack
4446| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
4447| [2733] Apache HTTP Server mod_rewrite Local Overflow
4448| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
4449| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
4450| [2107] Apache HTTP Server mod_ssl Host: Header XSS
4451| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
4452| [1833] Apache HTTP Server Multiple Slash GET Request DoS
4453| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
4454| [862] Apache HTTP Server SSI Error Page XSS
4455| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
4456| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
4457| [838] Apache HTTP Server Chunked Encoding Remote Overflow
4458| [787] Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
4459| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
4460| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
4461| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
4462| [637] Apache HTTP Server UserDir Directive Username Enumeration
4463| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
4464| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
4465| [562] Apache HTTP Server mod_info /server-info Information Disclosure
4466| [561] Apache Web Servers mod_status /server-status Information Disclosure
4467| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
4468| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
4469| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
4470| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
4471| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
4472| [222] Apache HTTP Server test-cgi Arbitrary File Access
4473| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
4474| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
4475|_
139/tcp closed netbios-ssn
443/tcp open ssl/http-proxy Apache Traffic Server
4478|_http-server-header: ATS
4479| vulscan: VulDB - https://vuldb.com:
4480| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
4481| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
4482| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
4483| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
4484| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
4485| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
4486| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
4487| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
4488| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
4489| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4490| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4491| [99930] Apache Traffic Server up to 6.2.0 denial of service
4492| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
4493| [73593] Apache Traffic Server up to 5.1.0 denial of service
4494| [70701] Apache Traffic Server up to 3.3.5 denial of service
4495| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
4496| [54693] Apache Traffic Server DNS Cache unknown vulnerability
4497| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
4498| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
4499| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
4500| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
4501| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
4502| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
4503| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
4504| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
4505| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
4506| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
4507| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
4508| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
4509| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
4510| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
4511| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
4512| [136204] Munica Web Server 1.14 Communication HTTP Traffic unknown vulnerability
4513| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
4514| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
4515| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
4516| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
4517| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
4518| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
4519| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117115] Apache Tika up to 1.17 tika-server command injection
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [112857] F5 BIG-IP Virtual Server up to 11.6.2/12.1.3/13.0.0 Traffic Management Microkernel denial of service
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [110985] F5 BIG-IP Virtual Server up to 12.0.x/12.1.2/13.0.0 Traffic Management Microkernel denial of service
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [34252] Apache HTTP Server denial of service
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-2961] The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allows remote attackers to perform unspecified redirection of HTTP requests, and bypass the proxy-server configuration, via crafted HTTP traffic.
| [CVE-2013-2870] Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5770] The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack.
| [CVE-2012-4698] Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS through 1.14.5, ROX II OS through 2.3.0, and RuggedMax OS through 4.2.1.4621.22 use hardcoded private keys for SSL and SSH communication, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic by leveraging the availability of these keys within ROS files at all customer installations.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-1821] The Network Threat Protection module in the Manager component in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.700x on Windows Server 2003 allows remote attackers to cause a denial of service (web-server outage, or daemon crash or hang) via a flood of packets that triggers automated blocking of network traffic.
| [CVE-2012-1466] The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1919] Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1499] acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
4723| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
4724| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
4725| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
4726| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
4727| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
4728| [CVE-2011-0190] Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.
4729| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2010-5144] The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-2811] Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0039] The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5101] Pentaho BI Server 1.7.0.1062 and earlier includes the session ID (JSESSIONID) in the URL, which allows attackers to obtain it from session history, referer headers, or sniffing of web traffic.
| [CVE-2009-5038] Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during a specific time period after an initial reload, which allows remote attackers to cause a denial of service (device reload) via an attempted connection to a certain IRC server, related to a "corrupted magic value," aka Bug ID CSCso05336.
| [CVE-2009-4455] The default configuration of Cisco ASA 5500 Series Adaptive Security Appliance (Cisco ASA) 7.0, 7.1, 7.2, 8.0, 8.1, and 8.2 allows portal traffic to access arbitrary backend servers, which might allow remote authenticated users to bypass intended access restrictions and access unauthorized web sites via a crafted URL obfuscated with ROT13 and a certain encoding. NOTE: this issue was originally reported as a vulnerability related to lack of restrictions to URLs listed in the Cisco WebVPN bookmark component, but the vendor states that "The bookmark feature is not a security feature."
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4295] Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-3000] The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling."
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-5411] IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
| [CVE-2008-4404] The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1027] Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
| [CVE-2008-0536] Unspecified vulnerability in the SSH server in (1) Cisco Service Control Engine (SCE) 3.0.x before 3.0.7 and 3.1.x before 3.1.0, and (2) Icon Labs Iconfidant SSH before 2.3.8, allows remote attackers to cause a denial of service (management interface outage) via SSH traffic that occurs during management operations and triggers "illegal I/O operations," aka Bug ID CSCsh49563.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6360] Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
4811| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
4812| [CVE-2007-5419] The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.
4813| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
4814| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4815| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
4816| [CVE-2007-4473] Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control (OPC) interface, probably related to free operations on arbitrary memory addresses through certain Remove functions, and read and write operations on arbitrary memory addresses through certain Set, Read, and Write functions.
4817| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
4818| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
4819| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
4820| [CVE-2007-3165] Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.
4821| [CVE-2007-2897] Microsoft Internet Information Services (IIS) 6.0 allows remote attackers to cause a denial of service (server instability or device hang), and possibly obtain sensitive information (device communication traffic)
4822| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
4823| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
4824| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
4825| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
4826| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
4827| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4828| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
4829| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
4830| [CVE-2007-1692] The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.
4831| [CVE-2007-1644] The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-the-middle (MITM) attacks on web traffic, conduct pharming attacks by poisoning DNS records, and cause a denial of service (erroneous name resolution).
4832| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
4833| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4834| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
4835| [CVE-2007-0966] Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the HTTPS server is enabled, allows remote attackers to cause a denial of service (device reboot) via certain HTTPS traffic.
4836| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
4837| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
4838| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
4839| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
4840| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4841| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4842| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
4843| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
4844| [CVE-2006-6947] The FTP server in the NEC MultiWriter 1700C allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017.
4845| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4846| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
4847| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4848| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4849| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
4850| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
4851| [CVE-2006-5746] The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates.
4852| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
4853| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
4854| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
4855| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
4856| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
4857| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
4858| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
4859| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
4860| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
4861| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
4862| [CVE-2006-2703] The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack.
4863| [CVE-2006-2462] BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
4864| [CVE-2006-2461] BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic.
4865| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
4866| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
4867| [CVE-2006-0997] The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.
4868| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
4869| [CVE-2006-0987] The default configuration of ISC BIND, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
4870| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
4871| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
4872| [CVE-2005-4813] Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections.
4873| [CVE-2005-4766] BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.
4874| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
4875| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
4876| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
4877| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
4878| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
4879| [CVE-2004-2762] The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1.
4880| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
4881| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
4882| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
4883| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
4884| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
4885| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
4886| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
4887| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
4888| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4889| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
4890| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
4891| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
4892| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
4893| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
4894| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
4895| [CVE-2003-0292] Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
4896| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
4897| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
4898| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
4899| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
4900| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
4901| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
4902| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
4903| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
4904| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
4905| [CVE-2002-1169] IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
4906| [CVE-2002-1168] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains a Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
4907| [CVE-2002-1167] Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
4908| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
4909| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
4910| [CVE-2002-1013] Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.
4911| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
4912| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
4913| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
4914| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
4915| [CVE-2002-0452] Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
4916| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
4917| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
4918| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
4919| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
4920| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
4921| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
4922| [CVE-2001-1244] Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data that amplify network traffic and consume more server CPU to process.
4923| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
4924| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
4925| [CVE-2001-1056] IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
4926| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
4927| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
4928| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
4929| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
4930| [CVE-2000-0406] Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
4931| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
4932| [CVE-1999-1379] DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
4933| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
4934| [CVE-1999-1066] Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request.
4935| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
4936| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
4937|
4938| SecurityFocus - https://www.securityfocus.com/bid/:
4939| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
4940| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
4941| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4942| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4943| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
4944| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
4945| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
4946| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
4947| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
4948| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
4949| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
4950| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
4951| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
4952| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
4953| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
4954| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
4955| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
4956| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
4957| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4958| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4959| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4960| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4961| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4962| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4963| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4964| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4965| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4966| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4967| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4968| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
4969| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
4970| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
4971| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
4972| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
4973| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
4974| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
4975| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
4976| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
4977| [79638] Traffic Server CVE-2014-10022 Denial-Of-Service Vulnerability
4978| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
4979| [76933] Apache James Server Unspecified Command Execution Vulnerability
4980| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
4981| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
4982| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
4983| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
4984| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
4985| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
4986| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
4987| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
4988| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
4989| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
4990| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
4991| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
4992| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
4993| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
4994| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
4995| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
4996| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
4997| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
4998| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
4999| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
5000| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
5001| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
5002| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
5003| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
5004| [56753] Apache HTTP Server 'mod_proxy_ajp' Module Denial Of Service Vulnerability
5005| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
5006| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
5007| [52196] NetDecision Traffic Grapher Server Source Code Disclosure Vulnerability
5008| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5009| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5010| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
5011| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
5012| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
5013| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5014| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
5015| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5016| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
5017| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
5018| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
5019| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
5020| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5021| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
5022| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
5023| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
5024| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
5025| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
5026| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
5027| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
5028| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5029| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
5030| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
5031| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
5032| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
5033| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
5034| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
5035| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
5036| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
5037| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
5038| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5039| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
5040| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
5041| [8226] Apache HTTP Server Multiple Vulnerabilities
5042| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
5043| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
5044| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
5045| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
5046| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
5047| [7596] Inktomi Traffic Server Cross-Site Scripting Vulnerability
5048| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
5049| [7255] Apache Web Server File Descriptor Leakage Vulnerability
5050| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5051| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
5052| [6939] Apache Web Server ETag Header Information Disclosure Weakness
5053| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
5054| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
5055| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
5056| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
5057| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
5058| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
5059| [5098] Inktomi Traffic Server Traffic_Manager Path Argument Buffer Overflow Vulnerability
5060| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
5061| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
5062| [3169] Apache Server Address Disclosure Vulnerability
5063| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
5064| [2216] Apache Web Server DoS Vulnerability
5065| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
5066| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
5067| [983] Nameserver Traffic Amplification and NS Route Discovery Vulnerability
5068|
5069| IBM X-Force - https://exchange.xforce.ibmcloud.com:
5070| [74313] Apache Traffic Server header buffer overflow
5071| [61721] Apache Traffic Server cache poisoning
5072| [85871] Apache HTTP Server mod_session_dbd unspecified
5073| [85574] Apache HTTP Server mod_dav denial of service
5074| [84111] Apache HTTP Server command execution
5075| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
5076| [82360] Apache HTTP Server manager interface cross-site scripting
5077| [82359] Apache HTTP Server hostnames cross-site scripting
5078| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
5079| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
5080| [77046] Oracle Solaris Apache HTTP Server information disclosure
5081| [75983] MapServer for Windows Apache file include
5082| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
5083| [74181] Apache HTTP Server mod_fcgid module denial of service
5084| [73531] NetDecision Traffic Grapher Server .nd file source code disclosure
5085| [72758] Apache HTTP Server httpOnly information disclosure
5086| [72757] Apache HTTP Server MPM denial of service
5087| [72377] Apache HTTP Server scoreboard security bypass
5088| [72345] Apache HTTP Server HTTP request denial of service
5089| [71617] Apache HTTP Server mod_proxy module information disclosure
5090| [71445] Apache HTTP Server mod_proxy security bypass
5091| [71181] Apache HTTP Server ap_pregsub() denial of service
5092| [71093] Apache HTTP Server ap_pregsub() buffer overflow
5093| [70336] Apache HTTP Server mod_proxy information disclosure
5094| [69804] Apache HTTP Server mod_proxy_ajp denial of service
5095| [69396] Apache HTTP Server ByteRange filter denial of service
5096| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
5097| [64773] Oracle HTTP Server Apache Plugin unauthorized access
5098| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
5099| [58046] Apache HTTP Server mod_auth_shadow security bypass
5100| [56653] Apache HTTP Server DNS spoofing
5101| [56652] Apache HTTP Server DNS cross-site scripting
5102| [56625] Apache HTTP Server request header information disclosure
5103| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
5104| [56623] Apache HTTP Server mod_proxy_ajp denial of service
5105| [53666] Apache HTTP Server Solaris pollset support denial of service
5106| [53650] Apache HTTP Server HTTP basic-auth module security bypass
5107| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
5108| [51273] Apache HTTP Server Incomplete Request denial of service
5109| [50884] Apache HTTP Server XML ENTITY denial of service
5110| [50808] Apache HTTP Server AllowOverride privilege escalation
5111| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
5112| [47086] Apache HTTP Server OS fingerprinting unspecified
5113| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
5114| [43885] Oracle WebLogic Server Apache Connector buffer overflow
5115| [42987] Apache HTTP Server mod_proxy module denial of service
5116| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
5117| [39867] Apache HTTP Server mod_negotiation cross-site scripting
5118| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
5119| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
5120| [39608] Apache HTTP Server balancer manager cross-site request forgery
5121| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
5122| [39472] Apache HTTP Server mod_status cross-site scripting
5123| [39158] Apache HTTP Server Windows SMB shares information disclosure
5124| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
5125| [38800] Apache HTTP Server 413 error page cross-site scripting
5126| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
5127| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
5128| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
5129| [36586] Apache HTTP Server UTF-7 cross-site scripting
5130| [36354] Apache HTTP Server mod_proxy module denial of service
5131| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
5132| [35384] Apache HTTP Server mod_cache module denial of service
5133| [35097] Apache HTTP Server mod_status module cross-site scripting
5134| [35095] Apache HTTP Server Prefork MPM module denial of service
5135| [34984] Apache HTTP Server recall_headers information disclosure
5136| [34966] Apache HTTP Server MPM content spoofing
5137| [34965] Apache HTTP Server MPM information disclosure
5138| [34963] Apache HTTP Server MPM multiple denial of service
5139| [33584] Apache HTTP Server suEXEC privilege escalation
5140| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
5141| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
5142| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
5143| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
5144| [28357] Apache HTTP Server mod_alias script source information disclosure
5145| [26786] Apache James SMTP server denial of service
5146| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
5147| [22006] Apache HTTP Server byte-range filter denial of service
5148| [21195] Apache HTTP Server header HTTP request smuggling
5149| [20383] Apache HTTP Server htdigest buffer overflow
5150| [18993] Apache HTTP server check_forensic symlink attack
5151| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
5152| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
5153| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
5154| [17961] Apache Web server ServerTokens has not been set
5155| [17930] Apache HTTP Server HTTP GET request denial of service
5156| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
5157| [17473] Apache HTTP Server Satisfy directive allows access to resources
5158| [17384] Apache HTTP Server environment variable configuration file buffer overflow
5159| [17382] Apache HTTP Server IPv6 apr_util denial of service
5160| [17366] Apache HTTP Server mod_dav module LOCK denial of service
5161| [17273] Apache HTTP Server speculative mode denial of service
5162| [17200] Apache HTTP Server mod_ssl denial of service
5163| [16890] Apache HTTP Server server-info request has been detected
5164| [16889] Apache HTTP Server server-status request has been detected
5165| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
5166| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
5167| [16230] Apache HTTP Server PHP denial of service
5168| [15958] Apache HTTP Server authentication modules memory corruption
5169| [15547] Apache HTTP Server mod_disk_cache local information disclosure
5170| [15540] Apache HTTP Server socket starvation denial of service
5171| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
5172| [15422] Apache HTTP Server mod_access information disclosure
5173| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
5174| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
5175| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
5176| [14125] Apache HTTP Server mod_userdir module information disclosure
5177| [14075] Apache HTTP Server mod_php file descriptor leak
5178| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [12021] Inktomi Traffic Server cross-site scripting
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10208] Apache HTTP Server mod_dav denial of service
| [10200] Apache HTTP Server stderr denial of service
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9465] Inktomi Traffic Server software -path traffic_manager buffer overflow
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [5659] Apache Web server discloses files when used with php script
| [5197] Apache Web server reveals CGI script source code
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
|
| Exploit-DB - https://www.exploit-db.com:
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [22601] Inktomi Traffic Server 4.0/5.x Cross-Site Scripting Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21580] Inktomi Traffic Server 4/5 Traffic_Manager Path Argument Buffer Overflow
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [18542] Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability
| [18221] Apache HTTP Server Denial of Service
| [9] Apache HTTP Server 2.x Memory Leak Exploit
| [31139] Larson Network Print Server 9.4.2 build 105 (LstNPS) Logging Function USEP Command Remote Format String
| [31138] Larson Network Print Server 9.4.2 build 105 (LstNPS) NPSpcSVR.exe License Command Remote Overflow
| [31132] Group Logic ExtremeZ-IP File and Print Servers 5.1.2 x15 Multiple Vulnerabilities
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31117] WS_FTP Server 6 /WSFTPSVR/FTPLogServer/LogViewer.asp Authentication Bypass
| [31105] Titan FTP Server 6.05 build 550 DELE Command Remote Buffer Overflow Vulnerability
| [31100] Anon Proxy Server 0.100/0.102 Remote Authentication Buffer Overflow Vulnerability
| [31056] HFS HTTP File Server 1.5/2.x Multiple Security Vulnerabilities
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [31039] BitDefender Products Update Server HTTP Daemon Directory Traversal Vulnerability
| [31014] haneWIN DNS Server 1.5.3 - Denial of Service
| [31001] IceWarp Mail Server 9.1.1 'admin/index.html' Cross-Site Scripting Vulnerability
| [30991] Pragma TelnetServer 7.0.4.589 NULL-Pointer Dereference Denial of Service Vulnerability
| [30990] Foxit WAC Server 2.0 Build 3503 Denial of Service Vulnerability
| [30971] Georgia SoftWorks Secure Shell Server 7.1.3 Multiple Remote Code Execution Vulnerabilities
| [30885] QK SMTP Server Malformed Commands Multiple Remote Denial of Service Vulnerabilities
| [30856] Easy File Sharing Web Server 1.3x Directory Traversal and Multiple Information Disclosure Vulnerabilities
| [30850] HFS HTTP File Server 2.2/2.3 Arbitrary File Upload Vulnerability
| [30809] Sentinel Protection Server 7.x/Keys Server 1.0.3 Directory Traversal Vulnerability
| [30776] LIVE555 Media Server 2007.11.1 ParseRTSPRequestString Remote Denial Of Service Vulnerability
| [30768] IBM WebSphere Application Server 5.1.1 WebContainer HTTP Request Header Security Weakness
| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
| [30733] phpMyAdmin <= 2.11.1 Server_Status.PHP Cross-Site Scripting Vulnerability
| [30708] Aleris Web Publishing Server 3.0 Page.ASP SQL Injection Vulnerability
| [30644] Dawn of Time 1.69 MUD Server Multiple Format String Vulnerabilities
| [30587] Axis Communications 207W Network Camera Web Interface admin/restartMessage.shtml server Parameter CSRF
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30542] EnterpriseDB Advanced Server 8.2 Uninitialized Pointer Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30472] Zimbra Collaboration Server - LFI
| [30373] Ability Mail Server 2013 (3.1.1) - Stored XSS (Web UI)
| [30299] ActiveWeb Contentserver 5.6.2929 CMS Client Side Filtering Bypass Vulnerability
| [30298] contentserver 5.6.2929 errors/transaction.asp msg Parameter XSS
| [30297] contentserver 5.6.2929 errors/rights.asp msg Parameter XSS
| [30296] ActiveWeb Contentserver 5.6.2929 Picture_Real_Edit.ASP SQL Injection Vulnerability
| [30279] SAP Internet Graphics Server <= 7.0 PARAMS Cross Site Scripting Vulnerability
| [30278] SAP DB 7.x Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities
| [30265] SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability
| [30264] Fujitsu ServerView <= 4.50.8 DBASCIIAccess Remote Command Execution Vulnerability
| [30259] Claroline <= 1.8.3 $_SERVER['PHP_SELF'] Parameter Multiple Cross-Site Scripting Vulnerabilities
| [30256] Oracle Rapid Install Web Server Secondary Login Page Cross Site Scripting Vulnerability
| [30252] Conti FTP Server 1.0 Large String Denial of Service Vulnerability
| [30233] LiteWEB Web Server 2.7 Invalid Page Remote Denial of Service Vulnerability
| [30231] Key Focus Web Server 3.1 Index.WKF Cross-Site Scripting Vulnerability
| [30224] Ingress Database Server 2.6 - Multiple Remote Vulnerabilities
| [30222] MyServer 0.9.8 Post.MSCGI Cross-Site Scripting Vulnerability
| [30219] MyServer 0.8.9 Filename Parse Error Information Disclosure Vulnerability
| [30218] BugHunter HTTP Server 1.6.2 Parse Error Information Disclosure Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30186] Firebird SQL Fbserver 2.0 - Remote Buffer Overflow Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [30051] PsychoStats <= 2.3 - Server.PHP Path Disclosure Vulnerability
| [30026] TFTP Server TFTPDWin 0.4.2 Unspecified Directory Traversal Vulnerability
| [30025] TeamSpeak Server 2.0.23 Multiple Scripts Multiple Cross-Site Scripting Vulnerabilities
| [30019] CA Multiple Products Console Server and InoCore.dll Remote Code Execution Vulnerabilities
| [30009] ABB MicroSCADA wserver.exe - Remote Code Execution
| [29964] Trend Micro ServerProtect 5.58 SpntSvc.EXE Remote Stack Based Buffer Overflow Vulnerability
| [29951] Microsoft SharePoint Server 3.0 Cross-Site Scripting Vulnerability
| [29939] X.Org X Window System Xserver 1.3 XRender Extension Divide by Zero Denial of Service Vulnerability
| [29932] Red Hat Directory Server 7.1 - Multiple Cross Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29803] Static Http Server 1.0 - Denial of Service (DoS) Exploit
| [29787] HP Jetdirect FTP Print Server RERT Command Denial of Service Vulnerability
| [29716] Silc Server 1.0.2 New Channel Remote Denial of Service Vulnerability
| [29706] DeepOfix SMTP Server 3.3 - Authentication Bypass
| [29699] Novell Access Management SSLVPN Server Security Bypass Vulnerability
| [29626] phpTrafficA 1.4.1 banref.php lang Parameter Traversal Local File Inclusion
| [29625] phpTrafficA 1.4.1 plotStat.php file Parameter Traversal Local File Inclusion
| [29597] Community Server SearchResults.ASPX Cross-Site Scripting Vulnerability
| [29575] Plain Old Webserver 0.0.7/0.0.8 Firefox Extension Directory Traversal Vulnerability
| [29503] KarjaSoft Sami HTTP Server 1.0.4/1.0.5/2.0.1 Request Remote Denial of Service Vulnerability
| [29439] iPlanet Web Server 4.1 Search Module Cross-Site Scripting Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29400] Novell Access Manager 3 Identity Server IssueInstant Parameter Cross-Site Scripting Vulnerability
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29297] HP Printer FTP Print Server 2.4.5 List Command Buffer Overflow Vulnerability
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [29230] Citrix Presentation Server Client 9.200 WFICA.OCX ActiveX Component Heap Buffer Overflow Vulnerability
| [29045] Selenium Web Server 1.0 XSS
| [29039] Kerio MailServer 5.x/6.x Remote LDAP Denial of Service Vulnerability
| [29036] Teamtek Universal FTP Server Multiple Commands Remote Denial of Service Vulnerabilities
| [28890] iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability
| [28860] FtpXQ Server 3.01 MKD Command Remote Overflow DoS
| [28766] Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities (2)
| [28765] Computer Associates Products Message Engine RPC Server Multiple Buffer Overflow Vulnerabilities (1)
| [28725] SAP Internet Transaction Server 6.10/6.20 Cross-Site Scripting Vulnerability
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28686] My-BIC 0.6.5 - Mybic_Server.PHP Remote File Include Vulnerability
| [28666] Call of Duty Server 4.1.x Callvote Map Command Remote Buffer Overflow Vulnerability
| [28640] CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure
| [28602] OSU HTTP Server 3.10/3.11 Multiple Information Disclosure Vulnerabilities
| [28513] Paul Smith Computer Services VCAP Calendar Server 1.9 - Remote Denial of Service Vulnerability
| [28512] paul smith computer services vcap calendar server 1.9 - Directory Traversal vulnerability
| [28489] Easy Address Book Web Server 1.2 - Remote Format String Vulnerability
| [28463] SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow
| [28450] FiberHome Modem Router HG-110 - Authentication Bypass To Remote Change DNS Servers
| [28419] DieselScripts Smart Traffic Index.PHP Remote File Include Vulnerability
| [28374] IPCheck Server Monitor 5.x Directory Traversal Vulnerability
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28338] Vino VNC Server 3.7.3 - Persistent Denial of Service
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [28234] MySQL 4.x/5.x Server Date_Format Denial of Service Vulnerability
| [28229] VisNetic Mail Server 8.3.5 - Multiple File Include Vulnerabilities
| [28100] BlueDragon Server 6.2.1 .CFM Files Denial of Service Vulnerability
| [28026] MySQL Server 4/5 Str_To_Date Remote Denial of Service Vulnerability
| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27887] SAP Web Application Server 6.x/7.0 Input Validation Vulnerability
| [27877] Oracle Endeca Server Remote Command Execution
| [27799] Virtual Hosting Control System 2.4.7 .1 Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities
| [27793] Collaborative Portal Server 3.4 POS Parameter Cross-Site Scripting Vulnerability
| [27723] Yukihiro Matsumoto Ruby 1.x XMLRPC Server Denial of Service Vulnerability
| [27704] Cogent DataHub HTTP Server Buffer Overflow
| [27637] Adobe Document Server 6.0 Extensions AlterCast op Parameter XSS
| [27636] Adobe Document Server 6.0 Extensions ads-readerext actionID Parameter XSS
| [27620] Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
| [27554] MinaliC Webserver 2.0.0 - Buffer Overflow (Egghunter)
| [27523] Sami FTP Server 2.0.1 - MKD Buffer Overflow ASLR Bypass (SEH)
| [27499] CONTROLzx HMS 3.3.4 server_management.php plan_id Parameter XSS
| [27418] Firebird 1.5 - Local Inet_Server Buffer Overflow Vulnerability
| [27401] Open&Compact FTP Server 1.2 (Gabriel's FTP Server) - Auth Bypass & Directory Traversal SAM Retrieval Exploit
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27378] Easy File Sharing Web Server 3.2 Full Path Request Arbitrary File Upload
| [27377] Easy File Sharing Web Server 3.2 Format String DoS
| [27329] Alt-N MDaemon 8.1.1 IMAP Server Remote Format String Vulnerability
| [27212] Isode M-Vault Server 11.3 LDAP Memory Corruption Vulnerability
| [27196] IBM Tivoli Directory Server 6.0 Unspecified LDAP Memory Corruption Vulnerability
| [27186] HiveMail 1.2.2/1.3 index.php $_SERVER['PHP_SELF'] XSS
| [27171] Sun ONE Directory Server 5.2 - Remote Denial of Service Vulnerability
| [27144] Communigate Pro 5.0.6 Server LDAP Denial of Service Vulnerability
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27108] Dual DHCP DNS Server 1.0 DHCP Options Remote Buffer Overflow Vulnerability
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [27042] Photo Server 2.0 iOS - Multiple Vulnerabilities
| [27011] Sybase EAServer 6.3.1 - Multiple Vulnerabilities
| [27007] PCMan FTP Server 2.0.7 - Remote Exploit (msf)
| [26986] PaperThin CommonSpot Content Server 4.5 Cross-Site Scripting Vulnerability
| [26972] oracle application server discussion forum portlet Multiple Vulnerabilities
| [26967] httprint 202.0 HTTP Response Server Field Overflow DoS
| [26966] httprint 202.0 HTTP Response Server Field Arbitrary Script Injection
| [26914] Extensis Portfolio Netpublish Server 7.0 Server.NP Directory Traversal Vulnerability
| [26902] Miraserver 1.0 RC4 article.php cat Parameter SQL Injection
| [26901] Miraserver 1.0 RC4 newsitem.php id Parameter SQL Injection
| [26900] Miraserver 1.0 RC4 index.php page Parameter SQL Injection
| [26836] Limbo CMS 1.0.4 .2 index.php _SERVER[REMOTE_ADDR] Parameter XSS
| [26776] Sights 'N Sounds Streaming Media Server 2.0.3 SWS.EXE Buffer Overflow Vulnerability
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [26536] qualcomm worldmail server 3.0 - Directory Traversal vulnerability
| [26520] Static HTTP Server 1.0 - SEH Overflow
| [26495] PCMan's FTP Server 2.0 - Remote Buffer Overflow Exploit
| [26488] SAP Web Application Server 6.x/7.0 URI Redirection Vulnerability
| [26487] SAP Web Application Server 6.x/7.0 frameset.htm sap-syscmd Parameter XSS
| [26486] SAP Web Application Server 6.x/7.0 Error Page XSS
| [26471] PCMan's FTP Server 2.0.7 - Buffer Overflow Exploit
| [26460] Asus VideoSecurity Online 3.5 Web Server Authentication Buffer Overflow Vulnerability
| [26450] Baby FTP Server 1.24 - Denial of Service
| [26401] TRENDnet TE100-P1U Print Server Firmware 4.11 Authentication Bypass Vulnerability
| [26393] phpMyAdmin 2.x server_databases.php XSS
| [26376] Xerver 4.17 Server URI Null Character XSS
| [26318] TP-Link Print Server TL PS110U - Sensitive Information Enumeration
| [26313] Merak Mail Server 8.2.4 r Arbitrary File Deletion Vulnerability
| [26255] Mail-it Now! Upload2Server 1.5 - Arbitrary File Upload Vulnerability
| [26210] bfcommand & control server 1.22/2.0/2.14 manager Multiple Vulnerabilities
| [26152] Apple Mac OS X 10.4 Weblog Server Cross-Site Scripting Vulnerabilities
| [26137] Syslog Server 1.2.3 - Crash PoC
| [26133] Sami FTP Server 2.0.1 - RETR Denial of Service
| [26100] Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
| [26073] Resin Application Server 4.0.36 Source Code Disclosure Vulnerability
| [26071] NetworkActiv Web Server 1.0/2.0/3.0/3.5 Cross-Site Scripting Vulnerability
| [26024] sap internet graphics server 6.40 - Directory Traversal vulnerability
| [26010] Quick TFTP Server 2.2 - Denial of Service
| [26006] Oracle Reports Server 6.0.8/9.0.x Unauthorized Report Execution Vulnerability
| [26005] Alt-N MDaemon 8.0 IMAP Server CREATE Remote Buffer Overflow Vulnerability
| [26004] Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities
| [26003] Oracle Reports Server 6.0.8/9.0.x Arbitrary File Disclosure Vulnerability
| [26002] Oracle Reports Server 6.0.8/9.0.x XML File Disclosure Vulnerability
| [25988] Oracle9i Application Server 9.0.2 MOD_ORADAV Access Control Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25976] DS3 Authentication Server - Multiple Vulnerabilities
| [25974] Mac OSX Server DirectoryService Buffer Overflow
| [25961] SoftiaCom WMailserver 1.0 - Local Information Disclosure Vulnerability
| [25936] PlanetDNS PlanetFileServer Remote Buffer Overflow Vulnerability
| [25932] EasyPHPCalendar 6.1.5/6.2.x setupSQL.php serverPath Parameter Remote File Inclusion
| [25931] EasyPHPCalendar 6.1.5/6.2.x datePicker.php serverPath Parameter Remote File Inclusion
| [25930] EasyPHPCalendar 6.1.5/6.2.x header.inc.php serverPath Parameter Remote File Inclusion
| [25929] EasyPHPCalendar 6.1.5/6.2.x popup.php serverPath Parameter Remote File Inclusion
| [25928] EasyPHPCalendar 6.1.5/6.2.x calendar.php serverPath Parameter Remote File Inclusion
| [25910] Community Server Forums 'SearchResults.aspx' Cross-Site Scripting Vulnerability
| [25851] Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow
| [25836] Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
| [25787] LiteWeb Server 2.5 Authentication Bypass Vulnerability
| [25775] Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
| [25755] serverscheck 5.9/5.10 - Directory Traversal vulnerability
| [25708] Clever's Games Terminator 3: War of the Machines 1.16 Server Buffer Overflow Vulnerability
| [25699] Gearbox Software Halo Game Server 1.06/1.07 Infinite Loop Denial of Service Vulnerability
| [25696] Sambar Server 5.x/6.0/6.1 Server Referer XSS
| [25695] Sambar Server 5.x/6.0/6.1 logout RCredirect XSS
| [25694] Sambar Server 5.x/6.0/6.1 results.stm indexname XSS
| [25680] War Times Remote Game Server Denial of Service Vulnerability
| [25646] MyServer 0.8 Cross-Site Scripting Vulnerability
| [25631] Orenosv HTTP/FTP Server 0.8.1 CGISSI.EXE Remote Buffer Overflow Vulnerability
| [25629] Orenosv HTTP/FTP Server 0.8.1 FTP Commands Remote Buffer Overflow Vulnerability
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [25584] Mtp-Target Server 1.2.2 Memory Corruption Vulnerability
| [25573] Video Cam Server 1.0 Administrative Interface Authentication Bypass Vulnerability
| [25572] Video Cam Server 1.0 Path Disclosure Vulnerability
| [25571] video cam server 1.0 - Directory Traversal vulnerability
| [25563] Oracle Application Server 9i Webcache PartialPageErrorPage Cross-Site Scripting Vulnerability
| [25562] Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
| [25561] Oracle Application Server 9i Webcache Arbitrary File Corruption Vulnerability
| [25559] Oracle Application Server 9.0 HTTP Service Mod_Access Restriction Bypass Vulnerability
| [25546] BEA WebLogic Server 8.1 And WebLogic Express Administration Console Cross-Site Scripting Vulnerability
| [25420] IBM WebSphere 5.0/5.1/6.0 Application Server Web Server Root JSP Source Code Disclosure Vulnerability
| [25418] MiniWeb MiniWeb HTTP Server (build 300) - Crash PoC
| [25353] IBM Lotus Domino Server 6.5.1 Web Service Remote Denial of Service Vulnerability
| [25335] IBM iSeries AS400 LDAP Server Remote Information Disclosure Vulnerability
| [25333] SCO OpenServer 5.0.6/5.0.7 NWPrint Command Line Argument Local Buffer Overflow Vulnerability
| [25319] FastStone 4in1 Browser 1.2 Web Server Remote Directory Traversal Vulnerability
| [25269] Oracle Reports Server 10g Multiple Remote Cross-Site Scripting Vulnerabilities
| [25219] Spinworks Application Server 3.0 - Remote Denial of Service Vulnerability
| [25218] PlatinumFTPServer 1.0.18 Multiple Malformed User Name Connection Denial of Service Vulnerability
| [25207] py software active webcam webserver 4.3/5.5 - Multiple Vulnerabilities
| [25171] MercurySteam Scrapland Game Server 1.0 - Remote Denial of Service Vulnerabilities
| [25163] CIS WebServer 3.5.13 Remote Directory Traversal Vulnerability
| [25152] phpMyAdmin 2.6 select_server.lib.php Multiple Parameter XSS
| [25144] sd server 4.0.70 - Directory Traversal vulnerability
| [25132] Bontago Game Server 1.1 - Remote Nickname Buffer Overrun Vulnerability
| [25082] Linksys PSUS4 PrintServer Malformed HTTP POST Request Denial of Service
| [25075] Eternal Lines Web Server 1.0 - Remote Denial of Service Vulnerability
| [25065] Magic Winmail Server 4.0 (Build 1112) upload.php Traversal Arbitrary File Upload
| [25064] Magic Winmail Server 4.0 (Build 1112) download.php Traversal Arbitrary File Access
| [24968] Mikrotik Syslog Server for Windows 1.15 - Denial of Service
| [24964] Oracle WebCenter Sites Satellite Server - HTTP Header Injection
| [24958] MinaliC Webserver 2.0.0 - Buffer Overflow
| [24952] AT-TFTP Server 2.0 - Stack Based Buffer Overflow DoS
| [24950] KNet Web Server 1.04b - Stack Corruption BoF
| [24943] BigAnt Server 2.97 - DDNF Username Buffer Overflow
| [24940] Sysax Multi Server 6.10 - SSH Denial of Service
| [24897] KNet Web Server 1.04b - Buffer Overflow SEH
| [24890] ActFax 5.01 RAW Server Buffer Overflow
| [24875] Sami FTP Server LIST Command Buffer Overflow
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24838] Active Server Corner ASP Calendar 1.0 Administrative Access Vulnerability
| [24805] MySQL MaxDB 7.5 WAHTTP Server Remote Denial of Service Vulnerability
| [24801] KDE FTP KIOSlave URI Arbitrary FTP Server Command Execution Vulnerability
| [24800] Microsoft Internet Explorer 5.0.1 FTP URI Arbitrary FTP Server Command Execution Vulnerability
| [24793] JanaServer 2 Multiple Remote Denial of Service Vulnerabilities
| [24791] Open-Xchange Server 6 - Multiple Vulnerabilities
| [24770] Jabber Server 2.0 - Multiple Remote Buffer Overflow Vulnerabilities
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24738] AlShare Software NetNote Server 2.2 - Remote Denial of Service Vulnerability
| [24730] 04webserver 1.42 Multiple Vulnerabilities
| [24710] id software quake ii server 3.2 - Multiple Vulnerabilities
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24684] Yak! Chat Client 2.x FTP Server Directory Traversal Vulnerability
| [24668] Jera Technology Flash Messaging Server 5.2 - Remote Denial of Service Vulnerability
| [24640] Microsoft SQL Server 7.0 - Remote Denial of Service Vulnerability (2)
| [24639] Microsoft SQL Server 7.0 - Remote Denial of Service Vulnerability (1)
| [24624] Alt-N MDaemon 6.5.1 SMTP Server Multiple Command Remote Overflow
| [24619] EmuLive Server4 Authentication Bypass And Denial of Service Vulnerabilities
| [24600] myserver 0.7 - Directory Traversal vulnerability
| [24591] PerlDesk Language Variable Server-Side Script Execution Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [24586] Gearbox Software Halo Combat Evolved 1.x Game Server Remote Denial of Service Vulnerability
| [24573] Keene Digital Media Server 1.0.2 Cross-Site Scripting Vulnerabilities
| [24567] Oracle Database Server 8.1.7/9.0.x ctxsys.driload Access Validation Vulnerability
| [24557] Sami FTP Server 2.0.1 LIST Command Buffer Overflow
| [24528] BigAnt Server DUPF Command Arbitrary File Upload
| [24527] BigAnt Server 2 SCH And DUPF Buffer Overflow
| [24511] SAP Netweaver Message Server Multiple Vulnerabilities
| [24467] ActFax 5.01 RAW Server Exploit
| [24423] Cerbere Proxy Server 1.2 Long Host Header Field Remote Denial of Service Vulnerability
| [24419] Xedus Web Server 1.0 Traversal Arbitrary File Access
| [24418] Xedus Web Server 1.0 testgetrequest.x username Parameter XSS
| [24417] Xedus Web Server 1.0 test.x username Parameter XSS
| [24416] Ipswitch WS_FTP Server 5.0.x CD Command Malformed File Path Remote Denial of Service Vulnerability
| [24414] keene digital media server 1.0.2 - Directory Traversal variant vulnerability
| [24412] RealVNC Server 4.0 - Remote Denial of Service Vulnerability
| [24402] Axis Network Camera 2.x And Video Server 1-3 HTTP Authentication Bypass
| [24401] axis network camera 2.x and video server 1-3 - Directory Traversal vulnerability
| [24400] Axis Network Camera 2.x And Video Server 1-3 virtualinput.cgi Arbitrary Command Execution
| [24390] Mantis 0.19 Remote Server-Side Script Execution Vulnerability
| [24388] aGSM 2.35 Half-Life Server Info Response Buffer Overflow Vulnerability
| [24383] Gallery 1.4.4 - Remote Server-Side Script Execution Vulnerability
| [24382] Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection
| [24381] Merak Mail Server 7.4.5 address.html Path Disclosure
| [24380] Merak Mail Server 7.4.5 HTML Message Body XSS
| [24379] Merak Mail Server 7.4.5 attachment.html attachmentpage_text_error Parameter XSS
| [24378] Merak Mail Server 7.4.5 settings.html Multiple Parameter XSS
| [24377] Merak Mail Server 7.4.5 address.html Multiple Parameter XSS
| [24374] Ipswitch IMail Server 7/8 Weak Password Encryption Weakness
| [24359] YaPiG 0.92 Remote Server-Side Script Execution Vulnerability
| [24345] IBM Tivoli Directory Server 3.2.2/4.1 LDACGI Directory Traversal Vulnerability
| [24337] myServer 0.6.2 math_sum.mscgi Multiple Parameter Remote Overflow
| [24336] myServer 0.6.2 math_sum.mscgi Multiple Parameter XSS
| [24310] ZoneMinder Video Server packageControl Command Execution
| [24305] PSCS VPOP3 2.0 Email Server Remote Denial of Service Vulnerability
| [24304] Imatix Xitami 2.5 Server Side Includes Cross-Site Scripting Vulnerability
| [24286] Gattaca Server 2003 Cross-Site Scripting Vulnerability
| [24285] Gattaca Server 2003 Language Variable Path Exposure
| [24284] Gattaca Server 2003 Null Byte Path Disclosure
| [24283] Gattaca Server 2003 POP3 DoS
| [24282] Gattaca Server 2003 web.tmpl Language Variable CPU Consumption DoS
| [24281] Microsoft Systems Management Server 1.2/2.0 - Remote Denial of Service Vulnerability
| [24268] Code-Crafters Ability Mail Server 1.18 errormsg Parameter XSS
| [24253] 12Planet Chat Server 2.9 Cross-Site Scripting Vulnerability
| [24252] fastream netfile ftp/web server 6.5/6.7 - Directory Traversal vulnerability
| [24248] IBM WebSphere Caching Proxy Server 5.0 2 Denial of Service Vulnerability
| [24247] Easy Chat Server 1.x Multiple Denial of Service Vulnerabilities
| [24243] IBM Lotus Domino Server 6 - Web Access Remote Denial of Service Vulnerability
| [24210] HP-UX 7-11 Local X Font Server Buffer Overflow Vulnerability
| [24195] WinAgents TFTP Server 3.0 - Remote Buffer Overrun Vulnerability
| [24163] Sambar Server 6.1 beta 2 showini.asp Arbitrary File Access
| [24162] Sambar Server 6.1 beta 2 showperf.asp title Parameter XSS
| [24161] Sambar Server 6.1 beta 2 show.asp show Parameter XSS
| [24150] MollenSoft Lightweight FTP Server 3.6 - Remote Buffer Overflow Vulnerability
| [24148] Sun Java System Application Server 7.0/8.0 - Remote Installation Path Disclosure Vulnerability
| [24147] Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (3)
| [24146] Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (2)
| [24145] Orenosv HTTP/FTP Server 0.5.9 HTTP GET Denial of Service Vulnerability (1)
| [24144] MiniShare Server 1.3.2 - Remote Denial of Service Vulnerability
| [24142] MollenSoft Lightweight FTP Server 3.6 - Remote Denial of Service Vulnerability
| [24122] TurboTrafficTrader C 1.0 - Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
| [24111] Serva 2.0.0 - HTTP Server GET Remote Denial of Service Vulnerability
| [24110] Serva 2.0.0 - DNS Server QueryName Remote Denial of Service Vulnerability
| [24103] MailEnable Mail Server HTTPMail 1.x Remote Heap Overflow Vulnerability
| [24097] MyWeb HTTP Server 3.3 GET Request Buffer Overflow Vulnerability
| [24080] Titan FTP Server 3.0 LIST Denial of Service Vulnerability
| [24066] DiGi WWW Server 1 Remote Denial of Service Vulnerability
| [24029] RhinoSoft Serv-U FTP Server 3.x/4.x/5.0 LIST Parameter Buffer Overflow Vulnerability
| [24010] Real Networks Helix Universal Server 9.0.x Denial of Service Vulnerability
| [23943] Crackalaka IRC Server 1.0.8 - Remote Denial of Service Vulnerability
| [23942] 1st Class Mail Server 4.0 1 list.tagz XSS
| [23941] 1st Class Mail Server 4.0 1 advanced.tagz XSS
| [23940] 1st Class Mail Server 4.0 1 general.tagz XSS
| [23939] 1st Class Mail Server 4.0 1 members.tagz XSS
| [23938] 1st Class Mail Server 4.0 1 Index XSS
| [23937] 1st Class Mail Server 4.0 1 viewmail.tagz XSS
| [23914] Floosietek FTGate Mail Server 1.2 Path Disclosure Vulnerability
| [23913] Floosietek FTGate Mail Server 1.2 index.fts folder Parameter XSS
| [23904] Roger Wilco Server 1.4.1 Unauthorized Audio Stream Denial of Service Vulnerability
5625| [23902] Roger Wilco Server 1.4.1 UDP Datagram Handling Denial of Service Vulnerability
5626| [23897] LinBit Technologies LINBOX Officeserver Remote Authentication Bypass Vulnerability
5627| [23886] simple webserver 2.3-rc1 - Directory Traversal
5628| [23877] NexGen FTP Server 1.0/2.x Remote Directory Traversal Vulnerability
5629| [23871] Centrinity FirstClass HTTP Server 5/7 TargetName Parameter Cross-Site Scripting Vulnerability
5630| [23842] WFTPD Server GUI 3.21 Remote Denial of Service Vulnerability
5631| [23839] GlobalSCAPE Secure FTP Server 2.0 Build 03.11.2004.2 SITE Command Remote Buffer Overflow Vulnerability
5632| [23803] Pegasi Web Server 0.2.2 Error Page XSS
5633| [23802] Pegasi Web Server 0.2.2 Arbitrary File Access
5634| [23799] Epic Games Unreal Tournament Server 436.0 Engine Remote Format String Vulnerability
5635| [23794] PWebServer 0.3.x Remote Directory Traversal Vulnerability
5636| [23787] 1st Class Internet Solutions 1st Class Mail Server 4.0 - Remote Buffer Overflow Vulnerability
5637| [23769] argosoft ftp server 1.0/1.2/1.4 - Multiple Vulnerabilities
5638| [23763] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (4)
5639| [23762] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (3)
5640| [23761] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (2)
5641| [23760] RhinoSoft Serv-U FTP Server 3/4/5 MDTM Command Time Argument Buffer Overflow Vulnerability (1)
5642| [23758] gweb http server 0.5/0.6 - Directory Traversal vulnerability
5643| [23756] Seyeon Technology FlexWATCH Server 2.2 Cross-Site Scripting Vulnerability
5644| [23753] Working Resources BadBlue Server 2.40 phptest.php Path Disclosure Vulnerability
5645| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5646| [23750] RobotFTP Server 1.0/2.0 - Remote Pre-authenticated Command Denial of Service Vulnerability
5647| [23731] TYPSoft FTP Server 1.1 - Remote CPU Consumption Denial of Service Vulnerability
5648| [23715] TransSoft Broker FTP Server 6.1 - Denial of Service Vulnerabilities
5649| [23714] KarjaSoft Sami HTTP Server 1.0.4 GET Request Buffer Overflow Vulnerability
5650| [23713] Vizer Web Server 1.9.1 - Remote Denial of Service Vulnerability
5651| [23709] RobotFTP Server 1.0/2.0 Username Buffer Overflow Vulnerability (2)
5652| [23708] RobotFTP Server 1.0/2.0 Username Buffer Overflow Vulnerability (1)
5653| [23701] XLight FTP Server 1.52 Remote Send File Request Denial of Service Vulnerability
5654| [23693] Sami FTP Server 1.1.3 - Library Crafted GET Request Remote DoS
5655| [23692] Sami FTP Server 1.1.3 Invalid Command Argument Local DoS
5656| [23689] Crob FTP Server 3.5.2 - Remote Denial of Service Vulnerability
5657| [23665] Shaun2k2 Palmhttpd Server 3.0 - Remote Denial of Service Vulnerability
5658| [23664] Sambar Server 6.0 Results.STM Post Request Buffer Overflow Vulnerability
5659| [23661] BolinTech Dream FTP Server 1.0 User Name Format String Vulnerability (2)
5660| [23660] BolinTech Dream FTP Server 1.0 User Name Format String Vulnerability (1)
5661| [23658] Linux VServer Project 1.2x CHRoot Breakout Vulnerability
5662| [23654] XLight FTP Server 1.x Long Directory Request Remote Denial of Service Vulnerability
5663| [23649] Microsoft SQL Server Database Link Crawling Command Execution
5664| [23648] Web Crossing Web Server 4.0/5.0 Component Remote Denial of Service Vulnerability
5665| [23635] Niti Telecom Caravan Business Server 2.00-03D Remote Directory Traversal Vulnerability
5666| [23633] Crob FTP Server 3.5.1 - Denial of Service Vulnerability
5667| [23632] Crob FTP Server 3.5.1 - Remote Information Disclosure Vulnerability
5668| [23610] IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (2)
5669| [23609] IBM Informix Dynamic Server 9.40/Informix Extended Parallel Server 8.40 Multiple Vulnerabilities (1)
5670| [23603] herberlin bremsserver 1.2.4/3.0 - Directory Traversal vulnerability
5671| [23600] Herberlin BremsServer 1.2.4 Cross-Site Scripting Vulnerability
5672| [23597] borland web server for corel paradox 1.0 b3 - Directory Traversal vulnerability
5673| [23596] TinyServer 1.1 Cross-site scripting
5674| [23595] TinyServer 1.1 - Denial of Service
5675| [23594] tinyserver 1.1 - Directory Traversal
5676| [23593] Oracle HTTP Server 8.1.7/9.0.1/9.2 isqlplus Cross-Site Scripting Vulnerability
5677| [23592] RhinoSoft Serv-U FTP Server 3/4 MDTM Command Stack Overflow Vulnerability (2)
5678| [23591] RhinoSoft Serv-U FTP Server 3/4 MDTM Command Stack Overflow Vulnerability (1)
5679| [23590] Reptile Web Server Reptile Web Server 20020105 Denial of Service Vulnerability
5680| [23589] Novell Netware Enterprise Web Server 5.1/6.0 - Multiple XSS Vulnerabilities
5681| [23588] Novell Netware Enterprise Web Server 5.1/6.0 SnoopServlet Information Disclosure
5682| [23587] Novell Netware Enterprise Web Server 5.1/6.0 snoop.jsp Information Disclosure
5683| [23586] Novell Netware Enterprise Web Server 5.1/6.0 env.bas Information Disclosure
5684| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5685| [23574] FireFly Mediaserver 1.0.0.1359 NULL Pointer Dereference
5686| [23560] anteco visual technologies ownserver 1.0 - Directory Traversal vulnerability
5687| [23557] aiptek netcam webserver 0.93.15 - Directory Traversal vulnerability
5688| [23556] GetWare Web Server Component Content-Length Value Remote Denial of Service Vulnerability
5689| [23555] GoAhead WebServer 2.1.x Directory Management Policy Bypass Vulnerability
5690| [23551] MetaDot Portal Server 5.6.x userchannel.pl op Parameter XSS
5691| [23550] MetaDot Portal Server 5.6.x index.pl Multiple Parameter XSS
5692| [23549] MetaDot Portal Server 5.6.x index.pl Information Disclosure
5693| [23548] MetaDot Portal Server 5.6.x index.pl Multiple Parameter SQL Injection
5694| [23544] vicomsoft rapidcache server 2.0/2.2.6 - Directory Traversal vulnerability
5695| [23543] Vicomsoft RapidCache Server 2.0/2.2.6 Host Argument Denial of Service Vulnerability
5696| [23539] Mabry Software FTPServer/X 1.0 Controls Format String Vulnerability
5697| [23533] Accipiter DirectServer 6.0 - Remote File Disclosure Vulnerability
5698| [23531] HD Soft Windows FTP Server 1.5/1.6 Username Format String Vulnerability
5699| [23530] Kroum Grigorov KpyM Telnet Server 1.0 - Remote Denial of Service Vulnerability
5700| [23514] Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Web Server Buffer Overflow Vulnerability
5701| [23506] GoodTech Telnet Server 4.0 - Remote Denial of Service Vulnerability
5702| [23505] Apple MacOS X 10.x SecurityServer Daemon Local Denial of Service Vulnerability
5703| [23493] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (3)
5704| [23492] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (2)
5705| [23491] Jordan Windows Telnet Server 1.0/1.2 Username Stack Based Buffer Overrun Vulnerability (1)
5706| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5707| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5708| [23472] Crystal Reports CrystalPrintControl ActiveX ServerResourceVersion Property Overflow
5709| [23468] Xlight FTP Server 1.25/1.41 PASS Command Remote Buffer Overflow Vulnerability
5710| [23461] dcam webcam server personal web server 8.2.5 - Directory Traversal vulnerability
5711| [23451] PY Software Active Webcam 4.3 Webserver Cross-Site Scripting Vulnerability
5712| [23450] PY Software Active Webcam 4.3 Webserver Directory Traversal Vulnerability
5713| [23449] Xerox MicroServer Web Server Remote Directory Traversal Vulnerability
5714| [23446] GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability
5715| [23440] elektropost episerver 3/4 - Multiple Vulnerabilities
5716| [23439] MVDSV 0.165 b/0.171 Quake Server Download Buffer Overrun Vulnerability
5717| [23437] DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (3)
5718| [23436] DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (2)
5719| [23435] DameWare Mini Remote Control Server 3.7x Pre-Authentication Buffer Overflow Vulnerability (1)
5720| [23429] Mambo Open Source 4.0.14 Server SQL Injection Vulnerability
5721| [23428] Mambo 4.5 Server user.php Script Unauthorized Access Vulnerability
5722| [23419] Abyss Web Server 1.0/1.1 Authentication Bypass Vulnerability
5723| [23410] IBM Directory Server 4.1 Web Administration Interface Cross-Site Scripting Vulnerability
5724| [23396] SIRCD Server 0.5.2/0.5.3 Operator Privilege Escalation Vulnerability
5725| [23390] EffectOffice Server 2.6 - Remote Service Buffer Overflow Vulnerability
5726| [23388] Valve Software Half-Life Dedicated Server 3.1/4.1 Information Disclosure/DOS Vulnerability
5727| [23387] netserve web server 1.0.7 - Directory Traversal vulnerability
5728| [23370] ncube server manager 1.0 - Directory Traversal vulnerability
5729| [23366] Epic 1.0.1/1.0.x CTCP Nickname Server Message Buffer Overrun Vulnerability
5730| [23365] telcondex simplewebserver 2.13.31027 build 3289 - Directory Traversal vulnerability
5731| [23362] Centreon Enterprise Server 2.3.3-2.3.9-4 - Blind SQL Injection Exploit
5732| [23334] IA WebMail Server 3.0/3.1 Long GET Request Buffer Overrun Vulnerability
5733| [23318] Ashley Brown iWeb Server Encoded Backslash Directory Traversal Vulnerability
5734| [23317] Seyeon FlexWATCH Network Video Server 2.2 Unauthorized Administrative Access Vulnerability
5735| [23310] TelCondex SimpleWebserver 2.12.30210 build 3285 HTTP Referer Remote Buffer Overflow Vulnerability
5736| [23309] Centrinity FirstClass 7.1 HTTP Server Directory Disclosure Vulnerability
5737| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5738| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5739| [23271] PSCS VPOP3 2.0 Email Server WebAdmin Cross-Site Scripting Vulnerability
5740| [23267] Atrium Software Mercur Mailserver 3.3/4.0/4.2 IMAP AUTH Remote Buffer Overflow Vulnerability
5741| [23266] Dansie Shopping Cart Server Error Message Installation Path Disclosure Vulnerability
5742| [23263] Opera 7.11/7.20 HREF Malformed Server Name Heap Corruption Vulnerability
5743| [23258] Oracle Database Server 9.0.x Oracle Binary Local Buffer Overflow Vulnerability
5744| [23257] Bajie HTTP Server 0.95 Example Scripts And Servlets Cross-Site Scripting Vulnerability
5745| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5746| [23243] Free Float FTP Server USER Command Buffer Overflow
5747| [23242] WinSyslog Interactive Syslog Server 4.21/ long Message Remote Denial of Service Vulnerability
5748| [23234] Centrinity FirstClass 5.50/5.77/7.0/7.1 - HTTP Server Long Version Field Denial of Service Vulnerability
5749| [23226] FreeFloat FTP Server Arbitrary File Upload
5750| [23222] File Sharing Software Easy File Sharing Web Server 1.2 Information Disclosure Vulnerability
5751| [23217] Divine Content Server 5.0 Error Page Cross-Site Scripting Vulnerability
5752| [23197] Mah-Jong 1.4 MJ-Player Server Flag Local Buffer Overflow Vulnerability
5753| [23191] Savant Web Server 3.1 Page Redirect Denial of Service Vulnerability
5754| [23178] Adobe IndesignServer 5.5 SOAP Server Arbitrary Script Execution
5755| [23166] Plug And Play Web Server 1.0 002c FTP Service Command Handler Buffer Overflow Vulnerabilities
5756| [23160] Mambo Site Server 4.0.14 contact.php Unauthorized Mail Relay
5757| [23159] Mambo Site Server 4.0.14 emailarticle.php id Parameter SQL Injection
5758| [23158] Mambo Site Server 4.0.14 banners.php bid Parameter SQL Injection
5759| [23157] Plug and Play Web Server 1.0 002c Directory Traversal Vulnerability
5760| [23146] Alt-N MDaemon Server 2.71 SP1 SMTP HELO Argument Buffer Overflow Vulnerability
5761| [23145] Ipswitch Imail Server 5.0 SMTP HELO Argument Buffer Overflow Vulnerability
5762| [23143] SCO OpenServer 5.0.x 'mana' PATH_INFO Privilege Escalation Vulnerability
5763| [23141] SCO OpenServer 5.0.x 'mana' REMOTE_ADDR Authentication Bypass Vulnerability
5764| [23139] myServer 0.4.x cgi-lib.dll Remote Buffer Overflow Vulnerability
5765| [23136] futurewave webx server 1.1 - Directory Traversal vulnerability
5766| [23123] Roger Wilco 1.4.1 - Remote Server Side Buffer Overrun Vulnerability
5767| [23121] Kukol E.V. HTTP & FTP Server Suite 6.2 File Disclosure Vulnerability
5768| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5769| [23118] FTP Desktop 3.5 FTP 331 Server Response Buffer Overflow Vulnerability
5770| [23116] Mah-Jong 1.4/1.6 Server Remote Denial of Service Vulnerability
5771| [23115] Mah-Jong 1.4 Client/Server Remote sscanf() Buffer Overflow Vulnerability
5772| [23113] Microsoft Exchange Server 4.0/5.0 SMTP HELO Argument Buffer Overflow Vulnerability
5773| [23100] Ipswitch WS_FTP Server 3.4/4.0 FTP Command Buffer Overrun Vulnerabilities
5774| [23092] FloosieTek FTGatePro 1.22 Mail Server Cross-Site Scripting Vulnerability
5775| [23091] FloosieTek FTGatePro 1.22 Mail Server Path Disclosure Vulnerability
5776| [23071] SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Cross Site Scripting Vulnerability
5777| [23070] sap internet transaction server 4620.2.0.323011 build 46b.323011 - Directory Traversal file disclosure vulnerability
5778| [23069] SAP Internet Transaction Server 4620.2.0.323011 Build 46B.323011 Information Disclosure Vulnerability
5779| [23045] ViRobot Linux Server 2.0 - Local Vulnerabilities
5780| [23042] Cerberus FTPServer 1.71/2.1/2.32 Remote Denial of Service Vulnerability
5781| [23038] eMule 0.2x Client OP_SERVERIDENT Heap Overflow Vulnerability
5782| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
5783| [23002] MDaemon SMTP Server 5.0.5 Null Password Authentication Vulnerability
5784| [22999] Meteor FTP Server 1.2/1.5 USER Memory Corruption Vulnerability
5785| [22994] Sun One 5.1,IPlanet 5.0/5.1 Administration Server Directory Traversal Vulnerability
5786| [22969] Valve Software Half-Life Server 3.1.1.0 - Multiplayer Request Buffer Overflow
5787| [22968] Valve Software Half-Life Server <= 1.1.1.0 , 3.1.1.1c1 and 4.1.1.1a Multiplayer Request Buffer Overflow
5788| [22957] Microsoft SQL Server 7.0/2000,MSDE Named Pipe Denial of Service Vulnerability
5789| [22949] Novell Netware Enterprise Web Server 5.1/6.0 CGI2Perl.NLM Buffer Overflow Vulnerability
5790| [22945] Savant Webserver 3.1 - Denial of Service Vulnerabilities
5791| [22944] Savant Web Server 3.1 CGITest.HTML Cross Site Scripting Vulnerability
5792| [22926] Witango Server 5.0.1 .061 Remote Cookie Buffer Overflow Vulnerability
5793| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
5794| [22909] NetSuite 1.0/1.2 HTTP Server Directory Traversal Vulnerability
5795| [22900] StarSiege Tribes Server Denial of Service Vulnerability (2)
5796| [22899] StarSiege Tribes Server Denial of Service Vulnerability (1)
5797| [22897] Twilight WebServer 1.3.3 .0 GET Request Buffer Overflow Vulnerability
5798| [22892] Mabry Software HTTPServer/X 1.0 0.047 File Disclosure Vulnerability
5799| [22886] ChangshinSoft EZTrans Server Download.PHP Directory Traversal Vulnerability
5800| [22881] PHP Server Monitor Stored XSS
5801| [22875] MyServer 0.4.2 Malformed URI Denial of Service Vulnerability
5802| [22859] Axis Print Server 6.15/6.20 Web Interface Denial of Service Vulnerability
5803| [22825] Armida Databased Web Server 1.0 - Remote GET Request Denial of Service Vulnerability
5804| [22817] MyServer 0.4.1 - Remote Denial of Service Vulnerability
5805| [22804] Kerio MailServer 5.6.3 Web Mail DO_MAP Module Cross-Site Scripting Vulnerability
5806| [22803] Kerio Mailserver 5.6.3 do_map Module Overflow
5807| [22802] Kerio Mailserver 5.6.3 list Module Overflow
5808| [22801] Kerio Mailserver 5.6.3 add_acl Module Overflow
5809| [22800] Kerio Mailserver 5.6.3 subscribe Module Overflow
5810| [22799] Kerio MailServer 5.6.3 Web Mail ADD_ACL Module Cross-Site Scripting Vulnerability
5811| [22795] MiniHTTPServer WebForums Server 1.x/2.0 - Remote Directory Traversal Vulnerability
5812| [22794] Proxomitron Proxy Server Long Get Request Remote Denial of Service Vulnerability
5813| [22785] MyServer 0.4.1/0.4.2 HTTP Server Directory Traversal Vulnerability
5814| [22775] FreeWnn 1.1.1 JServer Logging Option Data Corruption Vulnerability
5815| [22774] myServer 0.4.1 Signal Handling Denial of Service Vulnerability
5816| [22769] Methodus 3 Web Server File Disclosure Vulnerability
5817| [22758] silentthought simple web server 1.0 - Directory Traversal vulnerability
5818| [22757] ArGoSoft Mail Server 1.8.3 .5 - Multiple GET Requests Denial of Service Vulnerability
5819| [22755] Aiglon Web Server 2.0 Installation Path Information Disclosure Weakness
5820| [22706] Crob FTP Server 2.50.4 - Remote Username Format String Vulnerability
5821| [22701] MyServer 0.5 HTTP GET Argument Buffer Overflow Vulnerability
5822| [22700] MyServer 0.4.3 HTTP GET Argument Buffer Overflow Vulnerability
5823| [22692] Zeus Web Server 4.x Admin Interface VS_Diag.CGI Cross Site Scripting Vulnerability
5824| [22691] pablo software solutions baby ftp server 1.2 - Directory Traversal vulnerability
5825| [22668] BaSoMail 1.24 SMTP Server Command Buffer Overflow Vulnerability
5826| [22667] BaSoMail 1.24 POP3 Server Denial of Service Vulnerability
5827| [22666] Softrex Tornado WWW-Server 1.2 - Buffer Overflow Vulnerability
5828| [22665] Sun ONE Application Server 7.0 Error Message Cross-Site Scripting Vulnerability
5829| [22664] Sun ONE Application Server 7.0 Source Disclosure Vulnerability
5830| [22662] iPlanet Messaging Server 5.0/5.1 HTML Attachment Cross Site Scripting Vulnerability
5831| [22635] Magic Winmail Server 2.3 USER POP3 Command Format String Vulnerability
5832| [22629] Apple QuickTime/Darwin Streaming Server 4.1.3 QTSSReflector Module Integer Overflow Vulnerability
5833| [22615] Maelstrom Server 3.0.x Argument Buffer Overflow Vulnerability (3)
5834| [22614] Maelstrom Server 3.0.x Argument Buffer Overflow Vulnerability (2)
5835| [22613] Maelstrom Server 3.0.x Argument Buffer Overflow Vulnerability (1)
5836| [22611] Netscape Enterprise Server 3.x/4.x PageServices Information Disclosure Vulnerability
5837| [22610] Snowblind Web Server 1.0/1.1 HTTP GET Request Buffer Overflow Vulnerability
5838| [22609] Snowblind 1.0/1.1 Web Server File Disclosure Vulnerability
5839| [22608] Snowblind Web Server 1.0/1.1 Malformed HTTP Request Denial of Service Vulnerability
5840| [22582] Youngzsoft CMailServer 4.0 RCPT TO Buffer Overflow Vulnerability
5841| [22581] Youngzsoft CMailServer 4.0 MAIL FROM Buffer Overflow Vulnerability
5842| [22580] Firebird 1.0 GDS_Inet_Server Interbase Environment Variable Buffer Overflow Vulnerability
5843| [22576] Microsoft SQL Server 7.0/2000 JET Database Engine 4.0 Buffer Overrun Vulnerability
5844| [22556] MDG Web Server 4D 3.6 HTTP Command Buffer Overflow Vulnerability
5845| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
5846| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
5847| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
5848| [22549] AVerCaster Pro RS3400 Web Server Directory Traversal
5849| [22527] Xeneo Web Server 2.2.10 Undisclosed Buffer Overflow Vulnerability
5850| [22516] Xeneo Web Server 2.2.9 - Denial of Service Vulnerability
5851| [22506] EZ Server 1.0 File Disclosure Vulnerability
5852| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5853| [22504] Cerberus FTP Server 2.1 Information Disclosure Weakness
5854| [22503] TW-WebServer 1.0 - Denial of Service Vulnerability (2)
5855| [22502] TW-WebServer 1.0 - Denial of Service Vulnerability (1)
5856| [22497] 12Planet Chat Server 2.5 Error Message Installation Path Disclosure Vulnerability
5857| [22496] Python 2.2/2.3 Documentation Server Error Page Cross-Site Scripting Vulnerability
5858| [22472] Vignette StoryServer 4.1 Sensitive Stack Memory Information Disclosure Vulnerability
5859| [22466] BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit (ASLR + DEP bypass)
5860| [22465] Sysax FTP Automation Server 5.33 Local Privilege Escalation
5861| [22460] Abyss Web Server 1.1.2 Incomplete HTTP Request Denial of Service Vulnerability
5862| [22446] EZ Server 1.0 Long Argument Local Denial of Service Vulnerability
5863| [22434] Sambar Server 5.x Information Disclosure Vulnerability
5864| [22382] Mambo Site Server 4.0.10 index.php Cross Site Scripting Vulnerability
5865| [22379] PXE Server 2.0 - Remote Buffer Overrun Vulnerability
5866| [22356] Samba SMB 2.2.x,CIFS/9000 Server A.01.x Packet Assembling Buffer Overflow Vulnerability
5867| [22351] Freefloat FTP Server PUT Command Buffer Overflow
5868| [22312] Apple QuickTime/Darwin Streaming Server 4.1.x parse_xml.cgi File Disclosure Vulnerability
5869| [22311] Axis Communications Video Server 2.x Command.CGI File Creation Vulnerability
5870| [22302] hMailServer 5.3.3 IMAP Remote Crash PoC
5871| [22296] Axis Communications HTTP Server 2.x Messages Information Disclosure Vulnerability
5872| [22281] Mambo Site Server 4.0.12 RC2 Cookie Validation Vulnerability
5873| [22250] iParty Conferencing Server Denial of Service Vulnerability
5874| [22230] Netscape Enterprise Server 4.1 HTTP Method Name Buffer Overflow Vulnerability
5875| [22221] Electrasoft 32Bit FTP 9.49.1 Client Long Server Banner Buffer Overflow Vulnerability
5876| [22220] ByteCatcher FTP Client 1.0.4 Long Server Banner Buffer Overflow Vulnerability
5877| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5878| [22185] Sambar Server 5.x results.stm Cross Site Scripting Vulnerability
5879| [22178] Sun ONE Unified Development Server 5.0 Recursive Document Type Definition Vulnerability
5880| [22161] Turbo FTP Server 1.30.823 PORT Overflow
5881| [22144] Xynph FTP Server 1.0 Relative Path Directory Traversal Vulnerability
5882| [22142] Half-Life 1.1 Client Server Message Format String Vulnerability
5883| [22136] PlatinumFTPServer 1.0.6 Dot-Dot-Slash Directory Traversal Vulnerability
5884| [22113] PlatinumFTPServer 1.0.6 Arbitrary File Deletion Vulnerability
5885| [22112] PlatinumFTPServer 1.0.6 Information Disclosure Vulnerability
5886| [22087] Mambo Site Server 4.0.11 Path Disclosure Vulnerability
5887| [22086] Mambo Site Server 4.0.11 PHPInfo.PHP Information Disclosure Vulnerability
5888| [22081] Mollensoft Software Enceladus Server Suite 3.9 FTP Command Buffer Overflow
5889| [22078] mollensoft software enceladus server suite 2.6.1/3.9 - Directory Traversal
5890| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5891| [22064] zeroo http server 1.5 - Directory Traversal vulnerability (2)
5892| [22063] zeroo http server 1.5 - Directory Traversal vulnerability (1)
5893| [22044] Web Server Creator Web Portal 0.1 - Remote File Include Vulnerability
5894| [22041] Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities
5895| [22036] XFree86 X11R6 3.3.x Font Server Remote Buffer Overrun Vulnerability
5896| [22023] MailEnable 1.501x Email Server Buffer Overflow Vulnerability
5897| [22021] Lonerunner Zeroo HTTP Server 1.5 - Remote Buffer Overflow Vulnerability
5898| [22018] keyfocus kf web server 1.0.8 - Directory Traversal vulnerability
5899| [22006] Ezhometech EzServer 7.0 - Remote Heap Corruption Vulnerability
5900| [22001] Simple Web Server 0.5.1 File Disclosure Vulnerability
5901| [22000] Zeus Web Server 4.0/4.1 Admin Interface Cross Site Scripting Vulnerability
5902| [21982] Northern Solutions Xeneo Web Server 2.1/2.2 - Denial of Service Vulnerability
5903| [21981] Monkey HTTP Server 0.4/0.5 Invalid POST Request Denial of Service Vulnerability
5904| [21978] Linksys WAP11 1.3/1.4,D-Link DI-804 4.68/Dl-704 2.56 b5 Embedded HTTP Server DoS Vulnerability
5905| [21973] SmartMail Server 1.0 BETA 10 Oversized Request Denial of Service Vulnerability
5906| [21972] SmartMail Server 2.0 Closed Connection Denial of Service Vulnerability
5907| [21965] Alt-N MDaemon 6.0.x POP Server Buffer Overflow Vulnerability
5908| [21964] solarwinds tftp server standard edition 5.0.55 - Directory Traversal vulnerability
5909| [21963] SolarWinds TFTP Server Standard Edition 5.0.55 Large UDP Packet Vulnerability
5910| [21948] IBM Websphere Edge Server 3.69/4.0 HTTP Header Injection Vulnerability
5911| [21947] IBM Websphere Edge Server 3.6/4.0 Cross Site Scripting Vulnerability
5912| [21944] Cisco CatOS 5.x/6.1/7.3/7.4 CiscoView HTTP Server Buffer Overflow Vulnerability
5913| [21938] TelCondex SimpleWebServer 2.0.6 - Denial of Service Vulnerability
5914| [21935] My Web Server 1.0.1/1.0.2 Long Get Request Denial of Service Vulnerability
5915| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
5916| [21917] BlackIce Server Protection 3.5/BlackICE Defender 2.9 Auto Block DoS Weakness
5917| [21911] Oracle 9i Application Server 9.0.2 Web Cache Administration Tool Denial of Service Vulnerability
5918| [21909] Cooolsoft PowerFTP Server 2.x Remote Denial of Service Vulnerability (3)
5919| [21908] Cooolsoft PowerFTP Server 2.x Remote Denial of Service Vulnerability (2)
5920| [21907] Cooolsoft PowerFTP Server 2.x Remote Denial of Service Vulnerability (1)
5921| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5922| [21880] Monkey HTTP Server 0.1/0.4/0.5 - Multiple Cross Site Scripting Vulnerabilities
5923| [21866] ServersCheck Monitoring Software 9.0.12 / 9.0.14 - Stored XSS
5924| [21857] Monkey HTTP Server 0.1.4 File Disclosure Vulnerability
5925| [21856] OpenVMS 5.3/6.2/7.x UCX POP Server Arbitrary File Modification Vulnerability
5926| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5927| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5928| [21834] phpMyAdmin 3.5.2.2 server_sync.php Backdoor
5929| [21794] Savant Webserver 3.1 File Disclosure Vulnerability
5930| [21792] Savant Webserver 3.1 Malformed Content-Length Denial of Service Vulnerability
5931| [21775] SWS Simple Web Server 0.0.3/0.0.4/0.1 New Line Denial of Service Vulnerability
5932| [21758] Caldera X Server 7.1/8.0 External Program Privileged Invocation Weakness
5933| [21751] Blazix 1.2 Special Character Handling Server Side Script Information Disclosure
5934| [21737] Cyme ChartFX Client Server ActiveX Control Array Indexing Vulnerability
5935| [21735] Abyss Web Server 1.0 Encoded Backslash Directory Traversal Vulnerability
5936| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5937| [21728] Kerio MailServer 5.0/5.1 Web Mail Multiple Cross Site Scripting Vulnerabilities
5938| [21719] Apache 2.0 Path Disclosure Vulnerability
5939| [21710] MyWebServer 1.0.2 Long HTTP Request HTML Injection Vulnerability
5940| [21709] MyWebServer 1.0.2 Search Request Remote Buffer Overflow Vulnerability
5941| [21707] GoAhead WebServer 2.1 - Remote Arbitrary Command Execution Vulnerability
5942| [21698] BlueFace Falcon Web Server 2.0 Error Message Cross-Site Scripting Vulnerability
5943| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5944| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
5945| [21692] MS IE 5/6,Konqueror 2.2.2/3.0,Weblogic Server 5/6/7 Invalid X.509 Certificate Chain
5946| [21655] Cisco IOS 11.x TFTP Server Long File Name Buffer Overflow Vulnerability
5947| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
5948| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
5949| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
5950| [21639] VMWare GSX Server 2.0 Authentication Server Buffer Overflow Vulnerability
5951| [21627] Oracle Reports Server 6.0.8/9.0.2 Information Disclosure Vulnerability
5952| [21626] 3.3/4.0/4.2 MERCUR Mailserver Control-Service Buffer Overflow
5953| [21611] Summit Computer Networks Lil' HTTP Server 2.1/2.2 pbcgi.cgi Cross Site Scripting
5954| [21608] GoAhead WebServer 2.1.x Error Page Cross Site Scripting Vulnerability
5955| [21607] GoAhead WebServer 2.1.x URL Encoded Slash Directory Traversal Vulnerability
5956| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5957| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5958| [21603] iPlanet Web Server 4.1 Search Component File Disclosure Vulnerability
5959| [21602] icecast server 1.3.12 - Directory Traversal information disclosure vulnerability
5960| [21597] Key Focus KF Web Server 1.0.2 Directory Contents Disclosure Vulnerability
5961| [21593] Epic Games Unreal Tournament Server 436.0 DoS Amplifier Vulnerability
5962| [21591] ArGoSoft 1.8 Mail Server Directory Traversal Vulnerability
5963| [21586] E-Guest 1.1 Server Side Include Arbitrary Command Execution Vulnerability
5964| [21581] Summit Computer Networks Lil' HTTP Server 2 URLCount.CGI HTML Injection Vulnerability
5965| [21577] HP CIFS/9000 Server A.01.05/A.01.06 Buffer Overflow Vulnerability
5966| [21572] Half-Life Server 1.1/3.1 New Player Flood Denial of Service Vulnerability
5967| [21569] MS SQL Server 2000,MS Jet 4.0 Engine Unicode Buffer Overflow Vulnerability
5968| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5969| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5970| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
5971| [21542] AnalogX SimpleServer:WWW 1.16 Web Server Buffer Overflow Vulnerability
5972| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
5973| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
5974| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5975| [21531] Caldera OpenServer 5.0.x XSCO Color Database File Heap Overflow Vulnerability
5976| [21510] MS IE 5/6,MS ISA Server 2000,MS Proxy Server 2.0 Gopher Client Buffer Overflow
5977| [21508] SafeNet Sentinel Keys Server Crash PoC
5978| [21498] Evolvable Shambala Server 4.5 Web Server Denial of Service Vulnerability
5979| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5980| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5981| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5982| [21489] Caldera OpenServer 5.0.5/5.0.6 SCOAdmin Symbolic Link Vulnerability
5983| [21488] Netscape Enterprise Web Server for Netware 4/5 5.0 Information Disclosure
5984| [21482] MIT PGP Public Key Server 0.9.2/0.9.4 Search String Remote Buffer Overflow
5985| [21468] Matu FTP Server 1.13 Buffer Overflow Vulnerability
5986| [21467] YoungZSoft 3.30/4.0 CMailServer Buffer Overflow Vulnerability (2)
5987| [21466] YoungZSoft 3.30/4.0 CMailServer Buffer Overflow Vulnerability (1)
5988| [21450] id Software Quake II Server 3.20/3.21 Remote Information Disclosure Vulnerability
5989| [21445] Critical Path InJoin Directory Server 4.0 File Disclosure Vulnerability
5990| [21444] Critical Path InJoin Directory Server 4.0 Cross-Site Scripting Vulnerability
5991| [21432] BEA Systems WebLogic Server and Express 7.0 Null Character DoS
5992| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5993| [21411] vqServer 1.9.x CGI Demo Program Script Injection Vulnerability
5994| [21390] Sambar Server 5.1 Script Source Disclosure Vulnerability
5995| [21367] Abyss Web Server 1.0 File Disclosure Vulnerability
5996| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5997| [21338] XTux Server 2001.0 6.01 Garbage Denial of Service Vulnerability
5998| [21337] Menasoft SPHEREserver 0.99 Denial of Service Vulnerability
5999| [21306] Galacticomm Worldgroup 3.20 Remote Web Server Denial of Service Vulnerability
6000| [21298] Essentia Web Server 2.1 Long URL Buffer Overflow Vulnerability
6001| [21294] Phusion Webserver 1.0 Long URL Buffer Overflow Vulnerability
6002| [21293] Phusion Webserver 1.0 Long URL Denial of Service Vulnerability
6003| [21292] phusion webserver 1.0 - Directory Traversal vulnerability (2)
6004| [21291] phusion webserver 1.0 - Directory Traversal vulnerability (1)
6005| [21273] Ezylog Photovoltaic Management Server Multiple Vulnerabilities
6006| [21260] Microsoft Site Server 3.0 Cross-Site Scripting Vulnerability
6007| [21237] Cyberstop Web Server 0.1 Long Request DoS Vulnerability
6008| [21228] Sambar Server 5.1 Sample Script Denial of Service Vulnerability
6009| [21215] FreeWnn 1.1 jserver JS_MKDIR Metacharacter Command Execution Vulnerability
6010| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
6011| [21178] Brian Dorricott MAILTO 1.0.7-9 Unauthorized Mail Server Use Vulnerability
6012| [21170] Volition Red Faction 1.0/1.1 Game Server/Client Denial of Service Vulnerability
6013| [21163] Cooolsoft PowerFTP Server 2.0 3/2.10 Multiple Denial of Service Vulnerability (2)
6014| [21162] Cooolsoft PowerFTP Server 2.0 3/2.10 Multiple Denial of Service Vulnerability (1)
6015| [21145] IBM HTTP Server 1.3.x Source Code Disclosure Vulnerability
6016| [21142] Ipswitch WS_FTP Server 1.0.x/2.0.x 'STAT' Buffer Overflow Vulnerability
6017| [21141] Red Hat TUX 2.1 .0-2 HTTP Server Oversized Host Denial of Service Vulnerability
6018| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
6019| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
6020| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
6021| [21110] EFTP Server 2.0.7 .337 Directory and File Existence Vulnerability
6022| [21101] Merit AAA RADIUS Server 3.8 rlmadmin Symbolic Link Vulnerability
6023| [21089] AOLServer 3 Long Authentication String Buffer Overflow Vulnerability (2)
6024| [21088] AOLServer 3 Long Authentication String Buffer Overflow Vulnerability (1)
6025| [21042] id Software Quake 3 Arena Server 1.29 Possible Buffer Overflow Vulnerability
6026| [21039] SimpleServer:WWW 1.0.7/1.0.8/1.13 Hex Encoded URL Directory Traversal Vulnerability
6027| [21027] Sambar Server 4.x/5.0 Insecure Default Password Protection Vulnerability
6028| [21026] Sambar Server 4.4/5.0 pagecount File Overwrite Vulnerability
6029| [21009] ArGoSoft FTP Server 1.2.2 .2 Weak Password Encryption Vulnerability
6030| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
6031| [20946] Cerberus FTP Server 1.x Buffer Overflow DoS Vulnerability
6032| [20934] Internet Software Solutions Air Messenger LAN Server 3.4.2 Path Disclosure Vulnerability
6033| [20933] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (4)
6034| [20932] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (3)
6035| [20931] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (2)
6036| [20930] MS Index Server 2.0 and Indexing Service for Win 2000 ISAPI Extension Buffer Overflow (1)
6037| [20922] Rumpus FTP Server 1.3.x/2.0.3 Stack Overflow DoS Vulnerability
6038| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
6039| [20910] TransSoft Broker FTP Server 3.0/4.0/4.7/5.x CWD Buffer Overflow Vulnerability
6040| [20904] Pragma Systems InterAccess TelnetD Server 4.0 - Denial of Service
6041| [20895] WebTrends Enterprise Reporting Server 3.1 c/3.5 Source Code Disclosure
6042| [20879] OpenServer 5.0.5/5.0.6,HP-UX 10/11,Solaris 2.6/7.0/8 rpc.yppasswdd Buffer Overrun
6043| [20876] Simple Web Server 2.2-rc2 ASLR Bypass Exploit
6044| [20851] SCO OpenServer 5.0.x StartX Weak XHost Permissions Vulnerability
6045| [20845] Maxum Rumpus FTP Server 1.3.2/1.3.4/2.0.3 dev Remote DoS
6046| [20830] T. Hauck Jana Server 1.45/1.46/2.0 MS-DOS Device Name DoS Vulnerability
6047| [20829] T. Hauck Jana Server 1.45/1.46 Hex Encoded Directory Traversal Vulnerability
6048| [20828] SpyNet 6.5 Chat Server Multiple Connection Denial of Service Vulnerability
6049| [20826] Jason Rahaim MP3Mystic 1.0.x Server Directory Traversal Vulnerability
6050| [20825] michael lamont savant http server 2.1 - Directory Traversal vulnerability
6051| [20814] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (5)
6052| [20813] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (4)
6053| [20812] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (3)
6054| [20811] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (2)
6055| [20810] FreeBSD 2.x,HP-UX 9/10/11,kernel 2.0.3,Windows NT 4.0/Server 2003,NetBSD 1 loopback (land.c) DoS (1)
6056| [20809] Excite for Web Servers 1.1 Administrative Password Vulnerability
6057| [20797] Perl Web Server 0.x Path Traversal Vulnerability
6058| [20796] Zabbix Server Arbitrary Command Execution
6059| [20793] RobTex Viking Server 1.0.7 Relative Path Webroot Escaping Vulnerability
6060| [20779] Oracle 8 Server 'TNSLSNR80.EXE' DoS Vulnerability
6061| [20771] Simpleserver WWW 1.0.x AUX Directory Denial of Service Vulnerability
6062| [20770] GoAhead Software GoAhead Webserver (Windows) 2.1 - Denial of Service
6063| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
6064| [20758] Vice City Multiplayer Server 0.3z R2 Remote Code Execution
6065| [20747] Oracle Application Server 4.0.8 .2 ndwfn4.so buffer overflow
6066| [20742] SCO Open Server 5.0.6 recon Buffer Overflow Vulnerability
6067| [20739] SCO Open Server 5.0.6 lpusers Buffer Overflow Vulnerability
6068| [20737] SCO Open Server 5.0.6 lpshut Buffer Overflow Vulnerability
6069| [20736] SCO Open Server 5.0.6 lpforms Buffer Overflow Vulnerability
6070| [20735] SCO OpenServer 5.0.6 lpadmin Buffer Overflow Vulnerability
6071| [20726] Gene6 BPFTP Server 2.0 File Existence Disclosure Vulnerability
6072| [20723] Gene6 BPFTP FTP Server 2.0 User Credentials Disclosure Vulnerability
6073| [20719] Tomcat 3.2.1/4.0,Weblogic Server 5.1 URL JSP Request Source Code Disclosure Vulnerability
6074| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
6075| [20702] Sysax Multi Server 5.64 Create Folder Buffer Overflow
6076| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
6077| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
6078| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
6079| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
6080| [20682] Michael Lamont Savant Web Server 3.0 DoS Vulnerability
6081| [20677] IOServer "Root Directory" Trailing Backslash Multiple Vulnerabilities
6082| [20676] Sysax Multi-Server 5.64 Create Folder Buffer Overflow
6083| [20657] robin twombly a1 http server 1.0 - Directory Traversal vulnerability
6084| [20656] Robin Twombly A1 HTTP Server 1.0 - Denial of Service Vulnerability
6085| [20655] Orange Software Orange Web Server 2.1 DoS Vulnerability
6086| [20647] Atrium Software Mercur Mail Server 3.3 EXPN Buffer Overflow Vulnerability
6087| [20638] Bajie Webserver 0.78/0.90 Remote Command Execution Vulnerability
6088| [20622] Xmail 0.5/0.6 CTRLServer Remote Arbitrary Commands Vulnerability
6089| [20620] SCO UNIX 5 calserver Remote Buffer Overflow Vulnerability
6090| [20616] soft lite serverworx 3.0 - Directory Traversal vulnerability
6091| [20614] aolserver 3.2 win32 - Directory Traversal vulnerability
6092| [20612] informs picserver 1.0 - Directory Traversal vulnerability
6093| [20609] Heat-On HSWeb Web Server 2.0 Path Disclosure Vulnerability
6094| [20608] guido frassetto sedum http server 2.0 - Directory Traversal vulnerability
6095| [20607] goahead webserver 2.0/2.1 - Directory Traversal vulnerability
6096| [20602] Solaris x86 2.4/2.5 nlps_server Buffer Overflow Vulnerability
6097| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
6098| [20591] Netscape Enterprise Server 3.0/4.0 'Index' Disclosure Vulnerability
6099| [20570] Sambar Server 4.1 beta Admin Access Vulnerability
6100| [20531] IBM HTTP Server 1.3 AfpaCache/WebSphereNet.Data DoS Vulnerability
6101| [20530] Lotus Domino Server 5.0.x Directory Traversal Vulnerability (2)
6102| [20529] Lotus Domino Server 5.0.x Directory Traversal Vulnerability (1)
6103| [20516] BEA Systems Weblogic Server 4.0 x/4.5 x/5.1 x Double Dot Buffer Overflow
6104| [20496] Oops Proxy Server 1.4.22 Buffer Overflow Vulnerabilities (2)
6105| [20495] Oops Proxy Server 1.4.22 Buffer Overflow Vulnerabilities (1)
6106| [20482] Novell Netware Web Server 3.x files.pl Vulnerability
6107| [20460] Microsoft Windows NT 4.0 PhoneBook Server Buffer Overflow
6108| [20457] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability
6109| [20456] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability
6110| [20451] Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability
6111| [20448] Novell NetWare Web Server 2.x convert.bas Vulnerability
6112| [20445] IIS 1.0,Netscape Server 1.0/1.12,OReilly WebSite Professional 1.1 b BAT/.CMD Remote Command Execution
6113| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
6114| [20407] NetcPlus SmartServer3 3.75 Weak Encryption Vulnerability
6115| [20406] RealServer 5.0/6.0/7.0 Memory Contents Disclosure Vulnerability
6116| [20403] Small HTTP server 2.0 1 Non-Existent File DoS Vulnerability
6117| [20396] HP-UX 10.x/11.x Aserver PATH Vulnerability
6118| [20375] Sun Java Web Server 1.1 Beta Viewable .jhtml Source Vulnerability
6119| [20367] xeams email server 4.4 build 5720 - Stored XSS
6120| [20366] winwebmail server 3.8.1.6 - Stored XSS
6121| [20349] emailarchitect enterprise email server 10.0 - Stored XSS
6122| [20348] axigen mail server 8.0.1 - Stored XSS
6123| [20325] Netscape Directory Server 4.12 Directory Server Directory Traversal Vulnerability
6124| [20319] Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService Remote File Deletion
6125| [20318] Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService WriteToFile Message RCE
6126| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
6127| [20282] Evolvable Shambala Server 4.5 DoS Vulnerability
6128| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
6129| [20246] TalentSoft Web+ Application Server (Linux) 4.6 Example Script File Disclosure
6130| [20245] TalentSoft Web+ Client/Monitor/server 4.6 Source Code Disclosure Vulnerability
6131| [20244] TalentSoft Web+ Client/Monitor/server 4.6 Internal IP Address Disclosure
6132| [20242] Unixware 7.0 SCOhelp HTTP Server Format String Vulnerability
6133| [20229] IBM Websphere Application Server 3.0.2 Server Plugin DoS Vulnerability
6134| [20228] TYPSoft 0.7 x FTP Server remote DoS Vulnerability
6135| [20223] Sambar Server 4.3/4.4 beta 3 Search CGI Vulnerability
6136| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
6137| [20180] RobTex Viking Server 1.0.6 Build 355 Buffer Overflow Vulnerability
6138| [20178] vqSoft vqServer 1.4.49 DoS Vulnerability
6139| [20175] PragmaSys TelnetServer 2000 rexec Buffer Overflow Vulnerability
6140| [20163] WorldView 6.5/Wnn4 4.2 Asian Language Server Remote Buffer Overflow Vulnerability
6141| [20148] MediaHouse Software Statistics Server LiveStats 5.2 - Buffer Overflow Vulnerability
6142| [20136] NAI Net Tools PKI Server 1.0 Format String Vulnerability
6143| [20135] nai net tools pki server 1.0 - Directory Traversal vulnerability
6144| [20134] NAI Net Tools PKI Server 1.0 strong.exe Buffer Overflow Vulnerability
6145| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
6146| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
6147| [20108] CVS Kit CVS Server 1.10 .8 Checkin.prog Binary Execution Vulnerability
6148| [20107] CVS Kit CVS Server 1.10 .8 Instructed File Create Vulnerability
6149| [20104] Roxen WebServer 2.0 .X %00 Request File/Directory Disclosure Vulnerability
6150| [20103] analogx simpleserver:www 1.0.6 - Directory Traversal vulnerability
6151| [20097] IBM Websphere Application Server 2.0./3.0/3.0.2 .1 Showcode Vulnerability
6152| [20095] Sun Java Web Server 1.1.3/2.0 Servlets Vulnerability
6153| [20066] Michael Lamont Savant WebServer 2.1/3.0 - Buffer Overflow Vulnerability
6154| [20054] West Street Software LocalWEB HTTP Server 1.2 - Buffer Overflow
6155| [20052] Centrinity FirstClass 5.77 0 Intranet Server Long Header Denial of Service Vulnerability
6156| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
6157| [20046] Netscape Professional Services FTP Server (LDAP Aware) 1.3.6 FTP Server Vulnerability
6158| [20028] Simple Web Server Connection Header Buffer Overflow
6159| [20026] OpenLinux 2.3/2.4,RedHat 6.0/6.1,SCO eServer 2.3 - Denial of Service
6160| [20021] RedHat 6.2 Piranha Virtual Server Package Plaintext Password Vulnerability
6161| [20017] Max Feoktistov Small HTTP server 1.212 Buffer Overflow
6162| [20016] Shadow Op Software Dragon Server 1.0/2.0 - Multiple DoS
6163| [20015] AnalogX SimpleServer:WWW 1.0.5 DoS Vulnerability
6164| [20009] atmail email server appliance 6.4 - Stored XSS - csrf - rce
6165| [19996] ColdFusion Server 2.0/3.x/4.x Administrator Login Password DoS Vulnerability
6166| [19995] Michael Lamont Savant WebServer 2.1 CGI Source Code Disclosure
6167| [19988] httpdx 1.5.4 - Remote HTTP Server Denial of Service
6168| [19986] Oxide Webserver 2.0.4 - Denial of Service Vulnerability
6169| [19977] Real Networks Real Server 7.0/7.0.1/8.0 Beta View-Source DoS Vulnerability
6170| [19976] Concatus IMate Web Mail Server 2.5 - Buffer Overflow Vulnerability
6171| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
6172| [19950] XFree86 X11R6 3.3.5/3.3.6/4.0 Xserver Denial of Service Vulnerability
6173| [19944] Lotus Domino Enterprise Server 5.0.1/5.0.2/5.0.3,Mail Server 5.0.1/5.0.2/5.0.3 - Buffer Overflow
6174| [19937] Simple Web Server 2.2 rc2 Remote Buffer Overflow Exploit
6175| [19920] Computalynx CProxy Server 3.3 SP2 Buffer Overflow DoS Vulnerability
6176| [19897] FrontPage 2000,IIS 4.0/5.0 Server Extensions Path Disclosure Vulnerability
6177| [19895] NetWin DNews 5.3 Server Buffer Overflow Vulnerability
6178| [19884] Atrium Software Cassandra NNTP Server 1.10 Buffer Overflow Vulnerability
6179| [19879] RedHat 6.2 Piranha Virtual Server Package Default Account and Password Vulnerability
6180| [19877] FrontPage 98/Personal WebServer 1.0,Personal Web Server 2.0 htimage.exe File Existence Disclosure
6181| [19857] ALLMediaServer 0.8 - Buffer Overflow
6182| [19856] GameHouse dldisplay ActiveX control 0,Real Server 7.0 Port 7070 DoS
6183| [19853] FrontPage 97/98 Server Image Mapper Buffer Overflow
6184| [19850] RedHat Linux 6.x X Font Server DoS and Buffer Overflow Vulnerabilities
6185| [19846] MS FrontPage 98 Server Extensions for IIS,MS InterDev 1.0 - Buffer Overflow Vulnerability
6186| [19845] MS FrontPage 98 Server Extensions for IIS,MS InterDev 1.0 Filename Obfuscation
6187| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
6188| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
6189| [19822] SGI IRIX 5.x/6.x Objectserver Vulnerability
6190| [19820] AnalogX SimpleServer:WWW 1.0.3 DoS Vulnerability
6191| [19815] vqsoft vqserver for windows 1.9.9 - Directory Traversal vulnerability
6192| [19814] Netscape Enterprise Server 3.0/3.6/3.51 Directory Indexing Vulnerability
6193| [19807] Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (2)
6194| [19806] Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)
6195| [19805] GameHouse dldisplay ActiveX control 0,Real Server 5.0/7.0 Internal IP Address Disclosure
6196| [19799] Windows 2000/95/98/ME/NT 3.5.x/Enterprise Server 4.0/Terminal Server 4.0/Workstation 4.0 MS DoS Device Name DoS
6197| [19783] Netscape Enterprise Server 3.6 SP2/FastTrack Server 2.0.1 GET Request Vulnerability
6198| [19761] Sambar Server 4.2 beta 7 Batch CGI Vulnerability
6199| [19760] Pragma Systems InterAccess TelnetD Server 4.0 Terminal Configuration Vulnerability
6200| [19755] Pragma Systems InterAccess TelnetD Server 4.0 Build 4 Buffer Overflow
6201| [19753] ms frontpage personal webserver 1.0/personal web server 4.0 - Directory Traversal
6202| [19752] SCO Unixware 7.1/7.1.1 ARCserver /tmp symlink Vulnerability
6203| [19749] ISC BIND 4.9.7/8.x Traffic Amplification and NS Route Discovery Vulnerability
6204| [19748] True North Software Internet Anywhere Mail Server 3.1.3 RETR DoS
6205| [19747] Zeus Web Server 3.x Null Terminated Strings Vulnerability
6206| [19745] Daniel Beckham The Finger Server 0.82 BETA Pipe Vulnerability
6207| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
6208| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
6209| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
6210| [19712] Allaire ColdFusion Server 4.0/4.0.1 CFCACHE Vulnerability
6211| [19705] Netscape FastTrack Server 2.0.1 a GET Buffer Overflow Vulnerability
6212| [19703] AnalogX SimpleServer:WWW 1.0.1 GET Buffer Overflow Vulnerability
6213| [19695] Michael Lamont Savant WebServer 2.0 NULL Character DoS Vulnerability
6214| [19689] ZBServer Pro 1.5 - Buffer Overflow Vulnerability (2)
6215| [19688] ZBServer Pro 1.5 - Buffer Overflow Vulnerability (1)
6216| [19687] Real Networks Real Server 5.0 ramgen Denial of Service Vulnerability
6217| [19684] SCO Open Server 5.0.5,IRIX 6.2 ibX11/X11 Toolkit/Athena Widget Library Buffer Overflows Vulnerability
6218| [19682] Netscape Enterprise Server ,Novell Groupwise 5.2/5.5 GWWEB.EXE Multiple Vulnerabilities
6219| [19666] GoodTech Telnet Server NT 2.2.1 DoS Vulnerability
6220| [19664] Cat Soft Serv-U 2.5 a Server SITE PASS DoS Vulnerability
6221| [19638] Microsoft SQL Server 7.0/7.0 SP1 NULL Data DoS Vulnerability
6222| [19635] Sun Solaris 7.0 rpc.ttdbserver Denial of Service Vulnerability
6223| [19633] Windows 95/98/Enterprise Server 4/NT Server 4/Terminal Server 4/Workstation 4 Riched Buffer Overflow
6224| [19632] Tektronix Phaser Network Printer 740/750/750DP/840/930 PhaserLink Webserver Vulnerability
6225| [19625] ALLMediaServer 0.8 SEH Overflow Exploit
6226| [19624] Gene6 G6 FTP Server 2.0 - Buffer Overflow DoS Vulnerability
6227| [19622] Antelope Software W4-Server 2.6 a/Win32 Cgitest.exe Buffer Overflow
6228| [19619] QPC Software QVT Term 4.3/QVT/Net 4.3 Suite FTP Server DoS Vulnerability
6229| [19617] NetcPlus SmartServer3 3.5.1 POP Buffer Overflow Vulnerability
6230| [19613] Poison Ivy 2.3.2 C&C Server Buffer Overflow
6231| [19611] TransSoft Broker FTP Server 3.0 x/4.0 User Name Buffer Overflow Vulnerability
6232| [19584] Sky Communications Skyfull 1.1.4 Mail Server MAIL FROM Buffer Overflow
6233| [19581] Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (2)
6234| [19580] Avirt Gateway Suite 3.3 a/3.5 Mail Server Buffer Overflow (1)
6235| [19571] Netscape Messaging Server 3.6/3.54/3.55 RCPT TO DoS Vulnerability
6236| [19562] MediaHouse Software Statistics Server 4.28/5.1 "Server ID" Buffer Overflow Vulnerability
6237| [19561] True North Software Internet Anywhere Mail Server 2.3.x Mail Server Multiple Buffer Overflow
6238| [19543] SCO Open Server 5.0.5 cancel Buffer Overflow Vulnerability
6239| [19542] SCO Open Server <= 5.0.5 'userOsa' symlink Vulnerability
6240| [19540] t. hauck jana webserver 1.0/1.45/1.46 - Directory Traversal vulnerability
6241| [19500] SCO Open Server 5.0.5 X Library Buffer Overflow Vulnerability (2)
6242| [19499] SCO Open Server 5.0.5 X Library Buffer Overflow Vulnerability (1)
6243| [19494] NetcPlus SmartServer 3.5.1 SMTP Buffer Overflow
6244| [19493] Netscape Enterprise Server 3.51/3.6 SP2 Accept Buffer Overflow Vulnerability
6245| [19489] Microsoft Windows NT 4.0 DCOM Server Vulnerability
6246| [19457] Ms Commercial Internet System 2.0/2.5,IIS 4.0,Site Server Commerce Edition 3.0 alpha/3.0 DoS
6247| [19446] WebTrends Enterprise Reporting Server 1.5 Negative Content Length DoS Vulnerability
6248| [19445] Microsoft FrontPage Personal WebServer 1.0 PWS DoS Vulnerability
6249| [19443] Netscape Enterprise Server 3.51/3.6 JHTML View Source Vulnerability
6250| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
6251| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
6252| [19416] Netscape Enterprise Server <= 3.6 SSL Buffer Overflow DoS Vulnerability
6253| [19415] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (3)
6254| [19414] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (2)
6255| [19413] Windows 95/98,Windows NT Enterprise Server <= 4.0 SP5,Windows NT Terminal Server <= 4.0 SP4,Windows NT Workstation <= 4.0 SP5 (1)
6256| [19392] Able2Extract and Able2Extract Server 6.0 - Memory Corruption
6257| [19363] Netscape FastTrack Server 3.0.1 Fasttrack Root Directory Listing Vulnerability
6258| [19362] SCO Open Server <= 5.0.5 XBase Buffer Overflow Vulnerabilities
6259| [19291] EZHomeTech EzServer <= 6.4.017 Stack Buffer Overflow Vulnerability
6260| [19266] Ezhometech Ezserver 6.4 Stack Overflow Exploit
6261| [19244] Apple Mac OS X Server 10.0 Overload Vulnerability
6262| [19231] PHP apache_request_headers Function Buffer Overflow
6263| [19225] Compaq Client Management Agents 3.70/4.0,Insight Management Agents 4.21 A/4.22 A/4.30 A,Intelligent Cluster Administrator 1.0,Management Agents for Workstations 4.20 A,Server Management Agents <= 4.23,Survey Utility 2.0 Web File Access Vulnerability
6264| [19220] Allaire ColdFusion Server <= 4.0.1 CFCRYPT.EXE Vulnerability
6265| [19219] bisonware bisonware ftp server 3.5 - Multiple Vulnerabilities
6266| [19208] Microsoft Site Server Commerce Edition 3.0 alpha AdSamples Vulnerability
6267| [19197] Microsoft Windows NT <= 4.0 SP5,Terminal Server 4.0 "Pass the Hash" with Modified SMB Client Vulnerability
6268| [19194] Microsoft IIS 3.0/4.0 Using ASP And FSO To Read Server Files Vulnerability
6269| [19167] Ipswitch IMail 5.0,WS_FTP Server 1.0.1/1.0.2 Server Privilege Escalation Vulnerability
6270| [19152] Microsoft IIS 5.0 IISAPI Extension Enumerate Root Web Server Directory Vulnerability
6271| [19145] NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 Server Operator to Administrator Privilege Escalation: System Key Vulnerability
6272| [19131] XM Easy Personal FTP Server <= 5.30 - Remote Format String Write4 Exploit
6273| [19129] Microsoft IIS 4.0,Microsoft Site Server 3.0 Showcode ASP Vulnerability
6274| [19123] SCO Open Server <= 5.0.4 POP Server Buffer Overflow Vulnerability
6275| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
6276| [19112] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(2)
6277| [19111] BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC BIND <= 8.1.1,NetBSD <= 1.3.1,RedHat Linux <= 5.0,SCO Open Desktop 3.0/Server 5.0,Unixware 2.1/7.0,SGI IRIX <= 6.3,Solaris <= 2.5.1 BIND buffer overflow(1)
6278| [19110] Qualcomm qpopper 2.4 POP Server Buffer Overflow Vulnerability (2)
6279| [19109] Qualcomm qpopper 2.4 POP Server Buffer Overflow Vulnerability (1)
6280| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
6281| [19093] Allaire ColdFusion Server <= 4.0 - Remote File Display, Deletion, Upload and Execution Vulnerability
6282| [19087] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (2)
6283| [19086] wu-ftpd 2.4.2,SCO Open Server <= 5.0.5,ProFTPD 1.2 pre1 realpath Vulnerability (1)
6284| [19069] Qualcomm Eudora Internet Mail Server 1.2 - Buffer Overflow Vulnerability
6285| [19047] Stalker Internet Mail Server 1.6 - Buffer Overflow Vulnerability
6286| [19046] AppleShare IP Mail Server 5.0.3 - Buffer Overflow Vulnerability
6287| [19024] ComSndFTP Server 1.3.7 Beta Remote Format String Overflow
6288| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
6289| [18982] Hexamail Server <= 4.4.5 Persistent XSS Vulnerability
6290| [18973] GIMP script-fu Server Buffer Overflow
6291| [18946] Tftpd32 DNS Server 4.00 Denial of Service
6292| [18945] WinRadius Server 2009 Denial of Service
6293| [18915] FlexNet License Server Manager lmgrd Buffer Overflow
6294| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
6295| [18878] Pro-face Pro-Server EX WinGP PC Runtime Multiple Vulnerabilities
6296| [18877] FlexNet License Server Manager Stack Overflow In lmgrd
6297| [18858] elearning server 4g Multiple Vulnerabilities
6298| [18857] Kerio WinRoute Firewall Web Server < 6 Source Code Disclosure
6299| [18841] Lynx Message Server Multiple Vulnerabilities
6300| [18766] Oracle GlassFish Server - REST CSRF
6301| [18764] Oracle GlassFish Server 3.1.1 (build 12) Multiple XSS
6302| [18759] TFTP Server for Windows 1.4 ST WRQ Buffer Overflow
6303| [18734] EMC IRM License Server DoS Server 4.6.1.1995
6304| [18718] distinct tftp server <= 3.01 - Directory Traversal vulnerability
6305| [18665] PHP 5.4.0 Built-in Web Server DoS PoC
6306| [18643] Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 - Remote Buffer Overflow Vulnerability
6307| [18630] Android FTPServer 1.9.0 - Remote DoS
6308| [18629] Tiny Server <= 1.1.9 HTTP HEAD DoS
6309| [18628] PeerFTP Server <= 4.01 - Remote Crash PoC
6310| [18626] ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Vulnerability
6311| [18625] 2X ApplicationServer 10.1 TuxSystem Class ActiveX Control Remote File Overwrite Vulnerability
6312| [18623] LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Arbitrary File Deletion Vulnerability
6313| [18622] LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server Remote Code Execution Vulnerability
6314| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
6315| [18615] TypesoftFTP Server 1.1 - Remote DoS (APPE)
6316| [18610] Tiny Server 1.1.5 - Arbitrary File Disclosure Exploit
6317| [18604] NetDecision 4.5.1 HTTP Server Buffer Overflow
6318| [18587] Network Instrument Observer SNMP SetRequest Denial of Service Vulnerability
6319| [18582] Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
6320| [18543] Netmechanica NetDecision Dashboard Server Information Disclosure Vulnerability
6321| [18541] Netmechanica NetDecision HTTP Server Denial of Service Vulnerability
6322| [18534] Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit
6323| [18524] Tiny HTTP Server <= 1.1.9 - Remote Crash PoC
6324| [18476] Sysax Multi Server <= 5.52 File Rename BoF RCE (Egghunter)
6325| [18469] Typsoft FTP Server 1.10 Multiple Commands DoS
6326| [18453] OfficeSIP Server 3.1 - Denial of Service Vulnerability
6327| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
6328| [18451] Sphinix Mobile Web Server 3.1.2.47 Multiple Persistent XSS Vulnerabilities
6329| [18448] Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
6330| [18442] Apache httpOnly Cookie Disclosure
6331| [18423] HP Diagnostics Server magentservice.exe Overflow
6332| [18420] Sysax Multi Server 5.50 Create Folder Remote Code Exec BoF (MSF Module)
6333| [18401] Savant Web Server 3.1 - Buffer Overflow Exploit (Egghunter)
6334| [18382] Sysax Multi Server 5.50 Create Folder BOF
6335| [18345] TFTP Server 1.4 ST (RRQ) Buffer Overflow Exploit
6336| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
6337| [18240] CoDeSys SCADA 2.3 - Webserver Stack Buffer Overflow
6338| [18235] zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal
6339| [18190] Serv-U FTP Server < 4.2 - Buffer Overflow
6340| [18189] Ipswitch TFTP Server Directory Traversal Vulnerability
6341| [18188] Hillstone Software HS TFTP Server Denial of Service Vulnerability
6342| [18179] IBM Lotus Domino Server Controller Authentication Bypass Vulnerability
6343| [18112] optima apiftp server <= 1.5.2.13 - Multiple Vulnerabilities
6344| [18057] NJStar Communicator 3.00 MiniSMTP Server Remote Exploit
6345| [18038] GTA SA-MP server.cfg - Buffer Overflow
6346| [18028] zFTP Server "cwd/stat" Remote Denial-of-Service
6347| [18017] Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc)
6348| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
6349| [17963] atvise webMI2ADS Web Server <= 1.0 - Multiple Vulnerabilities
6350| [17893] GTA SA-MP server.cfg - Local Buffer Overflow Vulnerability
6351| [17886] FreeFloat FTP Server Buffer Overflow Exploit (DEP Bypass)
6352| [17879] MetaServer RT <= 3.2.1.450 - Multiple Vulnerabilities
6353| [17870] KnFTP 1.0.0 Server - Remote Buffer Overflow Exploit, 'USER' command
6354| [17856] KnFTP 1.0.0 Server Multiple Buffer Overflow Exploit (DoS PoC)
6355| [17828] Wordpress Plugin Forum Server <= 1.7 - SQL Injection Vulnerability
6356| [17827] Procyon Core Server HMI <= 1.13 - Coreservice.exe Stack Buffer Overflow
6357| [17819] KnFTP Server Buffer Overflow Exploit
6358| [17817] ScadaTEC ModbusTagServer & ScadaPhone (.zip) Buffer Overflow Exploit (0day)
6359| [17810] BisonFTP Server Remote Buffer Overflow Exploit (MSF)
6360| [17796] Windows Server 2008 R1 Local Denial of Service
6361| [17742] Mini FTP Server 1.1 Buffer Corruption Remote Denial of Service
6362| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
6363| [17691] Apache Struts < 2.2.0 - Remote Command Execution
6364| [17649] BisonFTP Server <= 3.5 - Remote Buffer Overflow Exploit
6365| [17626] PXE exploit server
6366| [17619] CiscoKits 1.0 TFTP Server Directory Traversal Vulnerability
6367| [17618] CiscoKits 1.0 TFTP Server DoS (write command)
6368| [17615] Sun/Oracle GlassFish Server Authenticated Code Execution
6369| [17601] Omnicom Alpha 4.0e LPD Server DoS
6370| [17588] Actfax FTP Server <= 4.27 - USER Command 0day Stack Buffer Overflow (MSF)
6371| [17581] MyWebServer 1.0.3 - Arbitrary File Download
6372| [17580] MyWebServer 1.0.3 - Denial of Service
6373| [17578] MinaliC Webserver 2.0 - Remote Source Disclosure
6374| [17571] OpenX Ad Server 2.8.7 Cross Site Request Forgery
6375| [17569] Ciscokits 1.0 TFTP Server File Name DoS
6376| [17551] Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability
6377| [17550] FreeFloat FTP Server 1.0 - ACCL Buffer Overflow Exploit
6378| [17549] Lotus Domino SMTP router, EMAIL server and client DoS
6379| [17548] FreeFloat FTP Server REST Buffer Overflow (MSF)
6380| [17546] FreeFloat FTP Server 1.0 - REST, PASV Buffer Overflow Exploit
6381| [17540] Freefloat FTP Server MKD Buffer Overflow (MSF)
6382| [17539] FreeFloat FTP Server 1.00 - MKD Buffer Overflow Exploit
6383| [17535] Java RMI Server Insecure Default Configuration Java Code Execution
6384| [17519] Freefloat FTP Server (LIST command) Buffer Overflow Exploit
6385| [17507] Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability
6386| [17498] Freefloat FTP Server Buffer Overflow Vulnerability (MSF)
6387| [17476] Microsoft IIS FTP Server <= 7.0 Stack Exhaustion DoS [MS09-053]
6388| [17455] Smallftpd 1.0.3 FTP Server Denial of Service Vulnerability
6389| [17434] RealWin SCADA Server DATAC Login Buffer Overflow
6390| [17417] DATAC RealWin SCADA Server 2 On_FC_CONNECT_FCS_a_FILE Buffer Overflow
6391| [17404] IBM WebSphere Application Server 7.0.0.13 CSRF Vulnerability
6392| [17393] Oracle HTTP Server XSS Header Injection
6393| [17382] Tele Data Contact Management Server Directory Traversal
6394| [17381] simple web-server 1.2 - Directory Traversal
6395| [17374] 7-Technologies IGSS 9 IGSSdataServer .RMS Rename Buffer Overflow
6396| [17373] ActFax Server FTP Remote BOF (post auth) Bigger Buffer
6397| [17361] Xitami Web Server 2.5b4 Remote Buffer Overflow (Egghunter)
6398| [17359] Xitami Web Server 2.5b4 Remote Buffer Overflow Exploit
6399| [17354] Easy Ftp Server 1.7.0.2 - Post-Authentication BoF
6400| [17352] 7-Technologies IGSS 9 Data Server/Collector Packet Handling Vulnerabilities
6401| [17351] iPhone4 FTP Server 1.0 - Empty CWD-RETR Remote Crash
6402| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
6403| [17300] 7-Technologies IGSS <= 9.00.00 b11063 - IGSSdataServer.exe Stack Overflow
6404| [17276] Oracle GlassFish Server Administration Console Authentication Bypass
6405| [17219] EMC HomeBase Server Directory Traversal Remote Code Execution
6406| [17188] IBM Tivoli Directory Server SASL Bind Request Remote Code Execution
6407| [17159] Microsoft Host Integration Server <= 8.5.4224.0 DoS Vulnerabilities
6408| [17148] Zend Server Java Bridge Arbitrary Java Code Execution
6409| [17116] Longshine Multiple Print Servers Cross-site Scripting Vulnerability
6410| [17115] ZO Tech Multiple Print Servers Cross-site Scripting Vulnerability
6411| [17063] easy file sharing web server 5.8 - Multiple Vulnerabilities
6412| [17053] wodWebServer.NET 1.3.3 - Directory Traversal
6413| [17034] Progea Movicon 11 TCPUploadServer Remote Exploit
6414| [17033] IGSS 8 ODBC Server Multiple Remote Uninitialized Pointer Free DoS
6415| [16984] HP OpenView Performance Insight Server Backdoor Account Code Execution
6416| [16970] Kolibri <= 2.0 - HTTP Server HEAD Buffer Overflow
6417| [16939] Hiawatha WebServer 7.4 - Denial of Service Vulnerability
6418| [16930] ToolTalk rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)
6419| [16915] Oracle VM Server Virtual Server Agent Command Injection
6420| [16891] QuickTime Streaming Server parse_xml.cgi Remote Execution
6421| [16872] WebSTAR FTP Server USER Overflow
6422| [16863] AppleFileServer LoginExt PathName Overflow
6423| [16858] RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution
6424| [16846] UoW IMAP server LSUB Buffer Overflow
6425| [16829] Trend Micro ServerProtect 5.58 EarthAgent.EXE Buffer Overflow
6426| [16828] Trend Micro ServerProtect 5.58 CreateBinding() Buffer Overflow
6427| [16827] Trend Micro ServerProtect 5.58 Buffer Overflow
6428| [16823] Network Associates PGP KeyServer 7 LDAP Buffer Overflow
6429| [16819] SoftiaCom WMailserver 1.0 - Buffer Overflow
6430| [16817] GoodTech Telnet Server <= 5.0.6 - Buffer Overflow
6431| [16815] Novell ZENworks 6.5 Desktop/Server Management Overflow
6432| [16802] Webster HTTP Server GET Buffer Overflow
6433| [16798] Apache mod_jk 1.2.20 Buffer Overflow
6434| [16789] Adobe RoboHelp Server 8 Arbitrary File Upload and Execute
6435| [16782] Apache Win32 Chunked Encoding
6436| [16777] Free Download Manager Remote Control Server Buffer Overflow
6437| [16773] Novell eDirectory NDS Server Host Header Overflow
6438| [16772] EFS Easy Chat Server Authentication Request Handling Buffer Overflow
6439| [16771] EasyFTP Server <= 1.7.0.11 list.html path Stack Buffer Overflow
6440| [16770] Savant 3.1 Web Server Overflow
6441| [16766] Sybase EAServer 5.2 - Remote Stack Buffer Overflow
6442| [16757] Novell Messenger Server 2.0 Accept-Language Overflow
6443| [16753] Xitami 2.5c2 Web Server If-Modified-Since Overflow
6444| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
6445| [16745] Computer Associates License Server GETCONFIG Overflow
6446| [16742] Easy File Sharing FTP Server 2.0 PASS Overflow
6447| [16740] Microsoft IIS FTP Server NLST Response Overflow
6448| [16737] EasyFTP Server <= 1.7.0.11 CWD Command Stack Buffer Overflow
6449| [16734] EasyFTP Server <= 1.7.0.11 LIST Command Stack Buffer Overflow
6450| [16733] FileCopa FTP Server pre 18 Jul Version
6451| [16719] WS-FTP Server 5.03 MKD Overflow
6452| [16718] Xlink FTP Server Buffer Overflow
6453| [16717] Ipswitch WS_FTP Server 5.05 XMD5 Overflow
6454| [16712] BolinTech Dream FTP Server 1.02 Format String
6455| [16711] EasyFTP Server <= 1.7.0.11 MKD Command Stack Buffer Overflow
6456| [16703] GlobalSCAPE Secure FTP Server Input Overflow
6457| [16702] KarjaSoft Sami FTP Server 2.02 - USER Overflow
6458| [16697] IBM Lotus Domino Web Server Accept-Language Stack Buffer Overflow
6459| [16690] Qbik WinGate WWW Proxy Server URL Processing Overflow
6460| [16641] SasCam Webcam Server 2.6.5 Get() method - Buffer Overflow
6461| [16491] WinVNC Web Server <= 3.3.3r7 - GET Overflow
6462| [16445] Bopup Communications Server Buffer Overflow
6463| [16431] BigAnt Server 2.50 SP1 Buffer Overflow
6464| [16430] BigAnt Server 2.2 - Buffer Overflow
6465| [16426] BigAnt Server 2.52 USV Buffer Overflow
6466| [16419] Mercury/32 <= 4.01b - PH Server Module Buffer Overflow
6467| [16416] CA BrightStor ARCserve for Laptops & Desktops LGServer Multiple Commands Buffer Overflow
6468| [16415] CA BrightStor ARCserve for Laptops & Desktops LGServer (rxsSetDataGrowthScheduleAndFilter) Buffer Overflow
6469| [16411] CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
6470| [16409] CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
6471| [16400] CA BrightStor ARCserve for Laptops & Desktops LGServer Buffer Overflow
6472| [16398] Microsoft SQL Server Hello Overflow
6473| [16396] Microsoft SQL Server sp_replwritetovarbin Memory Corruption via SQL Injection
6474| [16395] Microsoft SQL Server Payload Execution
6475| [16394] Microsoft SQL Server Payload Execution via SQL injection
6476| [16393] Microsoft SQL Server Resolution Overflow
6477| [16392] Microsoft SQL Server sp_replwritetovarbin Memory Corruption
6478| [16389] Omni-NFS Server Buffer Overflow
6479| [16385] DATAC RealWin SCADA Server Buffer Overflow
6480| [16384] DATAC RealWin SCADA Server SCPC_TXTEVENT Buffer Overflow
6481| [16383] DATAC RealWin SCADA Server SCPC_INITIALIZE_RF Buffer Overflow
6482| [16382] DATAC RealWin SCADA Server SCPC_INITIALIZE Buffer Overflow
6483| [16368] Microsoft LSASS Service DsRolerUpgradeDownlevelServer Overflow
6484| [16367] Microsoft Server Service NetpwPathCanonicalize Overflow
6485| [16362] Microsoft Server Service Relative Path Stack Corruption
6486| [16350] Allied Telesyn TFTP Server 1.9 Long Filename Overflow
6487| [16344] FutureSoft TFTP Server 2000 Transfer-Mode Overflow
6488| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
6489| [16314] Sun Java System Web Server WebDAV OPTIONS Buffer Overflow
6490| [16287] Wyse Rapport Hagent Fake Hserver Command Execution
6491| [16286] RealServer Describe Buffer Overflow
6492| [16274] JBoss Application Server Remote Exploit
6493| [16260] Quick 'n Easy FTP Server 3.2 - Denial of Service
6494| [16259] home ftp server 1.12 - Directory Traversal
6495| [16235] Wordpress Plugin Forum Server 1.6.5 - SQL Injection Vulnerability
6496| [16230] Victory FTP Server 5.0 - Denial of Service Exploit
6497| [16177] ActFax Server FTP Remote BOF (post auth)
6498| [16176] ActFax Server (LPD/LPR) Remote Buffer Overflow Exploit
6499| [16166] MS Windows Server 2003 AD Pre-Auth BROWSER ELECTION Remote Heap Overflow
6500| [16150] XM Easy Personal FTP Server 5.8.0 (TYPE) Denial of Service
6501| [16095] Terminal Server Client .rdp Denial of Service
6502| [16075] Caedo HTTPd Server 0.5.1 ALPHA - Remote File Download
6503| [16054] sap crystal report server 2008 - Directory Traversal
6504| [16040] Automated Solutions Modbus/TCP OPC Server Remote Heap Corruption PoC
6505| [16036] Golden FTP Server 4.70 - PASS Command Buffer Overflow Exploit
6506| [15868] QuickPHP Web Server Arbitrary (src .php) File Download
6507| [15862] quickphp web server 1.9.1 - Directory Traversal
6508| [15860] TYPSoft FTP Server (v 1.10) RETR CMD Denial of Service
6509| [15821] HttpBlitz Web Server Denial of Service Exploit
6510| [15764] ViRobot Desktop 5.5 and Server 3.5 <= 2008.8.1.1 - Privilege Escalation Vulnerability
6511| [15723] FreeBSD LiteSpeed Web Server 4.0.17 with PHP - Remote Exploit
6512| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
6513| [15689] Freefloat FTP Server Buffer Overflow Vulnerability 0day
6514| [15617] VMware 2 Web Server - Directory Traversal
6515| [15450] filecopa ftp server 6.01 - Directory Traversal
6516| [15445] femitter ftp server 1.04 - Directory Traversal vulnerability
6517| [15442] Zeeways Adserver Multiple Vulnerabilities
6518| [15438] AT-TFTP Server 1.8 - Remote Directory Traversal Vulnerability
6519| [15437] Quick Tftp Server Pro 2.1 - Remote Directory Traversal Vulnerability
6520| [15427] WinTFTP Server Pro 3.1 - (0day) Remote Directory Traversal Vulnerability
6521| [15422] Sami HTTP Server 2.0.1 GET Request Denial of Service Exploit
6522| [15373] mongoose web server 2.11 - Directory Traversal vulnerability
6523| [15357] Home FTP Server 1.11.1.149 RETR DELE RMD - Remote Directory Traversal Exploit
6524| [15349] Home FTP Server 1.11.1.149 - Post-Auth Directory Traversal
6525| [15336] MinaliC Webserver 1.0 - Remote Source Disclosure/File Download
6526| [15334] MinaliC Webserver 1.0 - Denial of Service Vulnerability
6527| [15333] MinaliC Webserver 1.0 - Directory Traversal Vulnerability
6528| [15319] Apache 2.2 (Windows) Local Denial of Service
6529| [15307] HP Data Protector Media Operations 6.11 HTTP Server Remote Integer Overflow DoS
6530| [15290] Oracle Sun Java System Web Server - HTTP Response Splitting
6531| [15244] Oracle Virtual Server Agent Command Injection
6532| [15238] Disk Pulse Server 2.2.34 - Remote Buffer Overflow Exploit
6533| [15231] Sync Breeze Server 2.2.30 - Remote Buffer Overflow Exploit
6534| [15008] MOAUB #15 - Ipswitch Imail Server List Mailer Reply-To Address Memory Corruption
6535| [14990] AA SMTP Server 1.1 - Crash PoC
6536| [14976] YOPS Web Server Remote Command Execution
6537| [14840] Mereo 1.9.2 - Remote HTTP Server Denial of Service Vulnerability
6538| [14779] deepin tftp server 1.25 - Directory Traversal vulnerability
6539| [14634] SmartCode ServerX VNC Server ActiveX 1.1.5.0 (scvncsrvx.dll) DoS Exploit
6540| [14623] Easy FTP Server 1.7.0.11 - Multiple Commands Remote Buffer Overflow Exploit (Post Auth)
6541| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
6542| [14607] Microsoft SMB Server Trans2 Zero Size Pool Alloc (MS10-054)
6543| [14496] UPlusFTP Server 1.7.1.01 - HTTP Remote Buffer Overflow (Post Auth)
6544| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6545| [14451] Easy FTP Server 1.7.0.11 - LIST Command Remote BoF Exploit (Post Auth) - (meta)
6546| [14409] AIX5l with FTP-Server Remote Root Hash Disclosure Exploit
6547| [14402] Easy FTP Server 1.7.0.11 - CWD Command Remote Buffer Overflow Exploit (Post Auth)
6548| [14400] Easy FTP Server 1.7.0.11 - LIST Command Remote Buffer Overflow Exploit (Post Auth)
6549| [14399] Easy FTP Server 1.7.0.11 - MKD Command Remote Buffer Overflow Exploit (Post Auth)
6550| [14380] Power/Personal FTP Server RETR Denial of Service
6551| [14287] Sun Java Web Server 7.0 u7 - Exploit with DEP bypass
6552| [14283] ClickGallery Server SQL Injection Vulnerability
6553| [14279] Inout Ad server Ultimate Shell Upload Vulnerabilty
6554| [14266] IrcDelphi Daemon Server Denial of Service
6555| [14254] EvoCam Web Server OSX ROP Remote Exploit (Snow Leopard)
6556| [14236] Sun Java Web Server 7.0 u7 Admin Interface DoS
6557| [14195] SasCam WebCam Server 2.6.5 - ActiveX SEH Overwrite
6558| [14194] Sun Java Web Server 7.0 u7 Remote Exploit
6559| [14156] Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel Use-after-free Vulnerability
6560| [14012] Weborf HTTP Server Denial of Service Vulnerability
6561| [13958] Sysax Multi Server (SFTP module) Multiple Commands DoS Vulnerabilities
6562| [13932] Open&Compact Ftp Server <= 1.2 Full System Access
6563| [13888] SasCam 2.6.5 - Remote HTTP Server Crash
6564| [13850] Litespeed Technologies Web Server Remote Poison null byte Exploit
6565| [13735] OS X EvoCam Web Server Buffer Overflow Exploit 3.6.6 and 3.6.7
6566| [13308] linux/x86 shellcode that forks a HTTP Server on port tcp/8800 166 bytes
6567| [12853] Quick 'n Easy FTP Server Lite 3.1
6568| [12815] GoAheaad Webserver Source Code Disclosure Vulnerability
6569| [12804] nginx [engine x] http server <= 0.6.36 Path Draversal
6570| [12774] HomeFTP Server r1.10.3 (build 144) Denial of Service Exploit
6571| [12754] Easy Address book Webserver 1.2 CSRF
6572| [12741] Open&Compact Ftp Server 1.2 Universal Pre-Auth Denial of Service
6573| [12740] POC - SEH control (0day) of Webby webserver
6574| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
6575| [12698] "Open&Compact Ftp Server 1.2 ""PORT"" command Remote DoS"
6576| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
6577| [12640] Abyss Web Server X1 - CSRF
6578| [12604] TYPSoft FTP Server 1.10 - RETR Command DoS
6579| [12603] SmallFTPD FTP Server 1.0.3 - DELE Command DoS
6580| [12587] wftpd server 3.30 Multiple Vulnerabilities(0day)
6581| [12582] zervit Web Server 0.4 - Directory Traversals
6582| [12581] zervit Web Server 0.4 - Source Disclosure/Download
6583| [12554] MiniManager For Mangos/Trinity Server DoS Vulnerability
6584| [12531] GeoHttpServer Remote DoS Vulnerability
6585| [12520] OCS Inventory NG Server <= 1.3.1 (login) Remote Authentication Bypass
6586| [12480] Acritum Femitter Server 1.03 - Multiple Vulnerabilities
6587| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
6588| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
6589| [12331] MultiThreaded HTTP Server 1.1 - Directory Traversal
6590| [12330] Apache OFBiz - Multiple XSS
6591| [12312] EasyFTP Server <= 1.7.0.2 CWD Buffer Overflow (Metasploit)
6592| [12309] Mongoose Web Server 2.8 - Multiple Directory Traversal Exploits
6593| [12308] MultiThreaded HTTP Server 1.1 - Source Disclosure
6594| [12304] MultiThreaded HTTP Server 1.1 - Directory Traversal
6595| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
6596| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
6597| [12201] MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer PoC
6598| [12131] Tembria Server Monitor 5.6.0 - Denial of Service
6599| [12119] WINDOWS FTP SERVER by DWG (Auth Bypass)
6600| [12114] miniature java web server <= 1.71 - Multiple Vulnerabilities
6601| [12044] Easy Ftp Server 1.7.0.2 - MKD Remote Post-Authentication BoF Exploit
6602| [12033] Java Mini Web Server <= 1.0 Path Traversal and Cross Site Scripting
6603| [11973] CompleteFTP Server Directory Traversal
6604| [11878] Cisco TFTP Server 1.1 DoS
6605| [11877] eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack BOF
6606| [11857] MX Simulator Server Remote Buffer Overflow PoC
6607| [11856] uhttp Server Path Traversal Vulnerability
6608| [11855] Jinais IRC Server 0.1.8 - NULL Pointer PoC
6609| [11820] eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Stack BOF
6610| [11810] eDisplay Personal FTP server 1.0.0 - Multiple Post-Authentication Crash SEH (PoC)
6611| [11809] eDisplay Personal FTP server 1.0.0 Pre-Authentication DoS (PoC)
6612| [11765] ArGoSoft FTP Server .NET 1.0.2.1 - Directory Traversal Vulnerability
6613| [11736] Kerio MailServer 6.2.2 preauth Remote Denial of Service PoC
6614| [11668] Easy FTP Server 1.7.0.2 - CWD Remote BoF (MSF Module)
6615| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
6616| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
6617| [11569] Web Server Creator Web Portal 0.1 - Multiple Vulnerabilities
6618| [11556] iPhone FTP Server By Zhang Boyang Remote DoS Exploit
6619| [11546] iPhone - FTP Server (WiFi FTP) by SavySoda DoS/PoC
6620| [11539] Easy FTP Server 1.7.0.2 - CWD Remote BoF
6621| [11503] Litespeed Web Server 4.0.12 - (Add Admin) CSRF and XSS Vulnerabilities
6622| [11500] Easy~Ftp Server 1.7.0.2 - (HTTP) Remote BoF Exploit
6623| [11470] Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF (PoC)
6624| [11469] Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF (SEH) (PoC)
6625| [11468] Easy~Ftp Server 1.7.0.2 - Post-Authentication BoF
6626| [11403] Cisco Collaboration Server 5 XSS, Source Code Disclosure
6627| [11328] UplusFtp Server 1.7.0.12 - Remote Buffer Overflow
6628| [11273] iOS Serversman 3.1.5 - HTTP Remote DoS Exploit
6629| [11254] P2GChinchilla HTTP Server 1.1.1 - Denial of Service Exploit
6630| [11222] Joomla Component com_gameserver SQL Injection Vulnerability
6631| [11215] SHOUTcast Server <= 1.9.8/win32 - CSRF Vulnerability
6632| [11210] EFS Easy Chat server Universal BOF-SEH (Meta)
6633| [11179] Exploit EFS Software Easy Chat Server 2.2
6634| [11131] TurboFTP Server 1.00.712 Remote DoS
6635| [10973] BigAnt Server 2.52 - Remote Buffer Overflow Exploit 2
6636| [10821] WingFTP Server 3.2.4 - CSRF Vulnerability
6637| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
6638| [10772] AspBB - Active Server Page Bulletin Board DB Download Vulnerability
6639| [10765] BigAnt Server 2.52 SEH (0day)
6640| [10542] TFTP SERVER Buffer Overflow remote exploit
6641| [10434] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
6642| [10432] zabbix server Multiple Vulnerabilities
6643| [10349] CoreHTTP web server off-by-one buffer overflow vulnerability
6644| [10331] iWeb HTTP Server Directory Transversal Vulnerability
6645| [10303] Core FTP Server 1.0 Build 319 Denial of Service
6646| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
6647| [10258] Golden FTP Server 4.30 File Deletion Vulnerability
6648| [10257] XM Easy Professional FTP Server 5.8.0 - Denial of Service
6649| [10221] XM Easy Personal FTP Server 5.8.0 - Remote DoS Vulnerability
6650| [10171] Baby Web Server 2.7.2 Vulnerbility found Denial of Service(0day)
6651| [10162] Home FTP Server 'MKD' Command Directory Traversal Vulnerability
6652| [10104] XM Easy Personal FTP Server 'APPE' and 'DELE' Command DoS
6653| [10056] Ada Image Server <= 0.6.7 imgsrv.exe Buffer Overflow
6654| [10047] Femitter HTTP Server 1.03 Remote Source Disclosure
6655| [10031] Alcatel-Lucent OmniPCX Enterprise Communication Server <= 7.1 masterCGI Command Injection
6656| [10012] html2ps 'include file' Server Side Include Directive Directory Traversal Vulnerability
6657| [10005] Windows 7 / Server 2008R2 Remote Kernel Crash
6658| [10004] Dopewars 1.5.12 Server Denial of Service
6659| [9999] Cerberus FTP server 3.0.6 Pre-Auth DoS
6660| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
6661| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
6662| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
6663| [9978] TwonkyMedia Server <= 4.4.17 & <= 5.0.65 - XSS
6664| [9937] RealServer 7-9 Describe Buffer Overflow
6665| [9934] Wyse Rapport Hagent Fake Hserver Command Execution
6666| [9931] AppleFileServer 10.3.3 LoginEXT PathName Overflow (OS X)
6667| [9928] WebSTAR FTP Server <= 5.3.2 USER Overflow (OS X)
6668| [9907] The Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability
6669| [9897] Mongoose Web Server 2.8.0 Source Disclosure
6670| [9879] EMC RepliStor Server 6.3.1.3 DoS
6671| [9874] Cherokee web server 0.5.4 DoS
6672| [9852] Home FTP Server 1.10.1.139 'SITE INDEX' Command Remote Denial of Service
6673| [9813] Mereo Web Server 1.8 - Remote Source Code Disclosure
6674| [9811] Core FTP Server 1.0 build 304 DoS
6675| [9804] XM Easy Personal FTP Server <= 5.8.0 DoS
6676| [9734] BigAnt Server <= 2.50 SP6 Local (ZIP File) Buffer Overflow PoC #2
6677| [9718] Xerver HTTP Server 4.32 - XSS / Directory Traversal Vulnerability
6678| [9717] Xerver HTTP Server <= 4.32 - Remote Denial of Service
6679| [9695] BigAnt Server 2.50 SP1 (ZIP File) Local Buffer Overflow PoC
6680| [9694] NaviCOPA Web Server 3.01 Remote Source Code Disclosure Vulnerability
6681| [9690] BigAnt Server 2.50 GET Request Remote BOF Exploit (SEH) Universal
6682| [9673] BigAnt Server 2.50 GET Request Remote BOF Exploit (SEH) 0day
6683| [9667] Cerberus FTP Server 3.0.3 - Remote Denial of Service Exploit
6684| [9664] FtpXQ FTP Server 3.0 - Remote Denial of Service Exploit (auth)
6685| [9662] IPSwitch IMAP Server <= 9.20 Remote Buffer Overflow Exploit
6686| [9660] Techlogica HTTP Server 1.03 Arbitrary File Disclosure Exploit
6687| [9657] httpdx Web Server 1.4 (Host Header) Remote Format String DoS Exploit
6688| [9652] Oracle Secure Backup Server 10.3.0.1.0 Auth Bypass/RCI Exploit
6689| [9650] Kolibri+ Web Server 2 Remote Arbitrary Source Code Disclosure #2
6690| [9649] Xerver HTTP Server 4.32 Arbitrary Source Code Disclosure Vuln
6691| [9644] Kolibri+ Webserver 2 (GET Request) Remote SEH Overwrite Exploit
6692| [9643] kolibri+ webserver 2 - Directory Traversal vulnerability
6693| [9638] Kolibri+ Webserver 2 Remote Source Code Disclosure Vulnerability
6694| [9621] Kolibri+ Webserver 2 (Get Request) Denial of Service Vulnerability
6695| [9587] Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service
6696| [9571] Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability
6697| [9559] Microsoft IIS 5.0 FTP Server Remote Stack Overflow Exploit (win2k sp4)
6698| [9547] SolarWinds TFTP Server <= 9.2.0.111 - Remote DoS Exploit
6699| [9541] Microsoft IIS 5.0/6.0 FTP Server Remote Stack Overflow Exploit (win2k)
6700| [9500] NaviCopa Web Server 3.01 Remote Buffer Overflow Exploit
6701| [9478] HTTP SERVER (httpsv) 1.6.2 (GET 404) Remote Denial of Service Exploit
6702| [9468] ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote BOF Exploit
6703| [9271] Inout Adserver (id) Remote SQL injection Vulnerability
6704| [9175] Sguil/PADS Remote Server Crash Vulnerability
6705| [9096] Sun One WebServer 6.1 JSP Source Viewing Vulnerability
6706| [9093] windows live messenger plus! fileserver 1.0 - Directory Traversal vuln
6707| [9031] Bopup Communications Server (3.2.26.5460) Remote BOF Exploit (SEH)
6708| [9020] AlumniServer 1.0.1 (resetpwemail) Blind SQL Injection Exploit
6709| [9019] AlumniServer 1.0.1 (Auth Bypass) SQL Injection Vulnerability
6710| [9002] Bopup Communications Server 3.2.26.5460 Remote SYSTEM Exploit
6711| [8991] Multiple HTTP Server Low Bandwidth Denial of Service #2
6712| [8976] Multiple HTTP Server Low Bandwidth Denial of Service (slowloris.pl)
6713| [8916] Free Download Manager 2.5/3.0 (Control Server) Remote BOF Exploit
6714| [8897] httpdx <= 0.8 FTP Server Delete/Get/Create Directories/Files Exploit
6715| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
6716| [8732] httpdx <= 0.5b FTP Server (CWD) Remote BOF Exploit (SEH)
6717| [8721] Zervit Webserver 0.04 (GET Request) Remote Buffer Overflow PoC
6718| [8716] httpdx <= 0.5b FTP Server (USER) Remote BOF Exploit (SEH)
6719| [8666] zervit webserver 0.4 - Directory Traversal / memory corruption PoC
6720| [8650] TYPSoft FTP Server 1.11 (ABORT) Remote DoS Exploit
6721| [8606] Quick 'n Easy Mail Server 3.3 (Demo) Remote Denial of Service PoC
6722| [8564] Baby Web Server 2.7.2.0 Arbitrary File Disclosure Exploit
6723| [8561] Quick 'n Easy Web Server 3.3.5 Arbitrary File Disclosure Exploit
6724| [8554] Belkin Bulldog Plus HTTP Server Remote Buffer Overflow Exploit
6725| [8542] Icewarp Merak Mail Server 9.4.1 Base64FileEncode() BOF PoC
6726| [8525] Dream FTP Server 1.02 (users.dat) Arbitrary File Disclosure Exploit
6727| [8524] Home Web Server <= r1.7.1 (build 147) Gui Thread-Memory Corruption
6728| [8522] Zervit HTTP Server <= 0.3 (sockets++ crash) Remote Denial of Service
6729| [8518] Femitter FTP Server 1.03 Arbitrary File Disclosure Exploit
6730| [8511] Xitami Web Server <= 5.0 - Remote Denial of Service Exploit
6731| [8500] Zervit Webserver 0.3 - Remote Denial of Service Exploit
6732| [8463] Zervit Webserver 0.02 Remote Directory Traversal Vulnerability
6733| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
6734| [8447] Zervit Webserver 0.02 Remote Buffer Overflow PoC
6735| [8428] MonGoose 2.4 Webserver Directory Traversal Vulnerability (win)
6736| [8392] Chance-i DiViS DVR System Web-server Directory Traversal Vulnerability
6737| [8368] peterConnects Web Server Traversal Arbitrary File Access Vulnerability
6738| [8333] Sun Calendar Express Web Server - (DoS/XSS) Multiple Remote Vulns
6739| [8310] Sami HTTP Server 2.x (HEAD) Remote Denial of Service Exploit
6740| [8294] XM Easy Personal FTP Server <= 5.7.0 (NLST) DoS Exploit
6741| [8283] Femitter FTP Server 1.x Multiple Vulnerabilities (post auth)
6742| [8273] Telnet-Ftp Service Server 1.x - Multiple Vulnerabilities (Post Auth)
6743| [8256] Sysax Multi Server 4.3 - Remote Arbitrary Delete Files Exploit
6744| [8247] Hannon Hill Cascade Server Command Execution Vulnerability (post auth)
6745| [8245] SW-HTTPD Server 0.x Remote Denial of Service Exploit
6746| [8200] GuildFTPd FTP Server 0.999.14 Remote Delete Files Exploit
6747| [8190] IBM Director <= 5.20.3su2 CIM Server Remote DoS Vulnerability
6748| [8155] Easy File Sharing Web Server 4.8 File Disclosure Vulnerability
6749| [8154] EFS Easy Chat Server Authentication Request Buffer Overflow Exploit (pl)
6750| [8149] EFS Easy Chat Server - (CSRF) Change Admin Pass Vulnerability
6751| [8142] EFS Easy Chat Server Authentication Request BOF Exploit (SEH)
6752| [8087] i-dreams GB Server (admin.dat) File Disclosure Vulnerability
6753| [8041] GeoVision Digital Video Surveillance System (geohttpserver) DT Vuln
6754| [7966] navicopa webserver 3.0.1 (bof/sd) Multiple Vulnerabilities
6755| [7852] FTPShell Server 4.3 (licence key) Remote Buffer Overflow PoC
6756| [7845] AXIS 70U Network Document Server Privilege Escalation/XSS
6757| [7756] Nofeel FTP Server 3.6 (CWD) Remote Memory Consumption Exploit
6758| [7617] SasCam WebCam Server 2.6.5 ActiveX Remote BOF Exploit
6759| [7501] Microsoft SQL Server sp_replwritetovarbin() Heap Overflow Exploit
6760| [7452] ProSysInfo TFTP server TFTPDWIN <= 0.4.2 Univ. Remote BOF Exploit
6761| [7355] NULL FTP Server 1.1.0.7 SITE Parameters Command Injection Vuln
6762| [7352] Merlix Teamworx Server (DD/Bypass) Multiple Remote Vulns
6763| [7348] merlix educate servert (bypass/dd) Multiple Vulnerabilities
6764| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
6765| [7148] Ultrastats 0.2.144/0.3.11 (index.php serverid) SQL Injection Vulnerability
6766| [7132] MS Windows Server Service Code Execution Exploit (MS08-067) (2k/2k3)
6767| [7104] MS Windows Server Service Code Execution Exploit (MS08-067)
6768| [7075] Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerabilities
6769| [7012] hMAilServer 4.4.2 (PHPWebAdmin) File Inclusion Vulnerabilities
6770| [6926] FTP Now 2.6 Server Response Remote Crash PoC
6771| [6877] Pro Traffic One (poll_results.php id) Remote SQL Injection Vulnerability
6772| [6874] Harlandscripts Pro Traffic One (mypage.php) SQL Injection Vulnerability
6773| [6841] MS Windows Server Service Code Execution Exploit (MS08-067) (Univ)
6774| [6838] PumpKIN TFTP Server 2.7.2.0 - Denial of Service Exploit (meta)
6775| [6824] MS Windows Server Service Code Execution PoC (MS08-067)
6776| [6753] Titan FTP server 6.26 build 630 Remote Denial of Service Exploit
6777| [6752] Eserv 3.x FTP Server (ABOR) Remote Stack Overflow PoC
6778| [6741] XM Easy Personal FTP Server 5.6.0 - Remote Denial of Service Exploit
6779| [6719] NoticeWare E-mail Server 5.1.2.2 (POP3) Pre-Auth DoS Exploit
6780| [6581] WinFTP Server 2.3.0 (NLST) Denial of Service Exploit
6781| [6559] Observer 0.3.2.1 - Multiple Remote Command Execution Vulnerabilities
6782| [6481] Femitter FTP Server 1.03 (RETR) Remote Denial of Service Exploit PoC
6783| [6458] The Personal FTP Server 6.0f RETR Denial of Service Exploit
6784| [6387] CitectSCADA ODBC Server Remote Stack Buffer Overflow Exploit (meta)
6785| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
6786| [6155] Cisco IOS 12.3(18) FTP Server - Remote Exploit (attached to gdb)
6787| [6151] velocity web-server 1.0 - Directory Traversal file download vulnerability
6788| [6118] IntelliTamper 2.07 (server header) Remote Code Execution Exploit
6789| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
6790| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
6791| [6077] WinRemotePC Full+Lite 2008 r.2server Denial of Service Exploit
6792| [6012] CMailServer 5.4.6 (CMailCOM.dll) Remote SEH Overwrite Exploit
6793| [5563] TFTP Server for Windows 1.4 ST Remote BSS Overflow Exploit
6794| [5451] BigAnt Server 2.2 PreAuth Remote SEH Overflow Exploit (0day)
6795| [5438] XM Easy Personal FTP Server 5.4.0 (XCWD) Denial of Service Exploit
6796| [5427] Borland InterBase 2007 - ibserver.exe Buffer Overflow PoC
6797| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
6798| [5354] Xitami Web Server 2.5c2 - LRWP Processing Format String PoC
6799| [5341] Noticeware Email Server 4.6.1.0 - Denial of Service Exploit
6800| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
6801| [5314] TFTP Server for Windows 1.4 ST Buffer Overflow Exploit (0day)
6802| [5270] Home FTP Server 1.4.5 - Remote Denial of Service Exploit
6803| [5248] MDaemon IMAP server 9.6.4 (FETCH) Remote Buffer Overflow Exploit
6804| [5228] acronis pxe server 2.0.0.1076 - Directory Traversal / null pointer vulns
6805| [5210] Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) DoS Exploit
6806| [5184] MyServer 0.8.11 (204 No Content) error Remote Denial of Service Exploit
6807| [5152] X.Org xorg-server <= 1.1.1-48.13 - Probe for Files Exploit PoC
6808| [5151] Apple iPhoto 4.0.3 DPAP Server Denial of Service Exploit
6809| [5150] Thecus N5200Pro NAS Server Control Panel RFI Vulnerability
6810| [5106] Citrix Presentation Server Client WFICA.OCX ActiveX - Heap BOF Exploit
6811| [5044] IpSwitch WS_FTP Server with SSH 6.1.0.0 - Remote Buffer Overflow PoC
6812| [5036] Titan FTP Server 6.03 (USER/PASS) Remote Heap Overflow PoC
6813| [4878] McAfee E-Business Server Remote pre-auth Code Execution / DoS PoC
6814| [4873] Microsoft FoxServer (vfp6r.dll 6.0.8862.0) ActiveX Command Execution
6815| [4856] Half-Life CSTRIKE Server 1.6 - Denial of Service Exploit (no-steam)
6816| [4744] rooter VDSL Device (Goahead WEBSERVER) Disclosure Vulnerability
6817| [4734] Anon Proxy Server 0.1000 Remote Command Execution Vulnerability
6818| [4699] firefly media server (mt-daapd) 2.4.1 / svn 1699 - Multiple Vulnerabilities
6819| [4600] Firefly Media Server <= 0.2.4 - Remote Denial of Service Exploit
6820| [4574] IBM Lotus Domino 7.0.2FP1 IMAP4 Server LSUB Command Exploit
6821| [4556] LiteSpeed Web Server <= 3.2.3 - Remote Source Code Disclosure Vuln
6822| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
6823| [4541] Half-Life Server 3.1.1.0 - Remote Buffer Overflow Exploit
6824| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
6825| [4514] Eggdrop Server Module Message Handling Remote BoF Exploit
6826| [4450] Xitami Web Server 2.5 (If-Modified-Since) Remote BoF Exploit (0day)
6827| [4438] IPSwitch IMail Server 8.0x Remote Heap Overflow Exploit
6828| [4430] Streamline PHP Media Server 1.0-beta4 RFI Vulnerability
6829| [4403] JetCast Server 2.0.0.4308 Remote Denial of Service Exploit
6830| [4398] Microsoft SQL Server Distributed Management Objects BoF Exploit
6831| [4379] Microsoft SQL Server Distributed Management Objects (sqldmo.dll) BoF
6832| [4367] Trend Micro ServerProtect eng50.dll - Remote Stack Overflow Exploit
6833| [4362] Web Oddity Web Server 0.09b Directory Transversal Exploit
6834| [4344] Hexamail Server 3.0.0.001 (pop3) pre-auth Remote Overflow PoC
6835| [4328] Postcast Server Pro 3.0.61 / Quiksoft EasyMail (emsmtp.dll 6.0.1) BoF
6836| [4315] SIDVault LDAP Server Preauth Remote Buffer Overflow Exploit
6837| [4289] Easy Chat Server 2.2 - Remote Denial of Service Exploit
6838| [4234] mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server Data Write/Code Execution
6839| [4228] IPSwitch IMail Server 2006 9.10 SUBSCRIBE Remote Overflow Exploit
6840| [4223] IPSwitch IMail Server 2006 SEARCH Remote Stack Overflow Exploit
6841| [4219] Confixx Pro <= 3.3.1 - (saveserver.php) Remote File Inclusion Vulnerability
6842| [4216] Xserver 0.1 Alpha Post Request Remote Buffer Overflow Exploit
6843| [4207] Lotus Domino IMAP4 Server 6.5.4 - Remote Buffer Overflow Exploit
6844| [4187] Traffic Stats (referralUrl.php offset) Remote SQL Injection Vulnerbility
6845| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
6846| [4100] phpTrafficA <= 1.4.2 (pageid) Remote SQL Injection Vulnerability
6847| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
6848| [4075] YourFreeScreamer 1.0 (serverPath) Remote File Inclusion Vulnerability
6849| [4046] MiniWeb Http Server 0.8.x Remote Denial of Service Exploit
6850| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
6851| [3815] Fenice OMS server 1.10 Remote Buffer Overflow Exploit (exec-shield)
6852| [3715] Sami HTTP Server 2.0.1 POST Request Denial of Service Exploit
6853| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
6854| [3675] FileCOPA FTP Server <= 1.01 (LIST) Remote Buffer Overflow Exploit (2)
6855| [3674] Wserve HTTP Server 4.6 (Long Directory Name) Denial of Service Exploit
6856| [3649] Ipswitch WS_FTP 5.05 Server Manager Local Site Buffer Overflow Exploit
6857| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
6858| [3622] WinMail Server 4.4 build 1124 (WebMail) Remote Add Super User Exploit
6859| [3616] IBM Lotus Domino Server 6.5 PRE AUTH Remote Exploit
6860| [3602] IBM Lotus Domino Server 6.5 (username) Remote Denial of Service Exploit
6861| [3589] NaviCOPA Web Server 2.01 Remote Buffer Overflow Exploit (meta)
6862| [3579] Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (Win2K SP4)
6863| [3544] Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit
6864| [3541] FutureSoft TFTP Server 2000 Remote SEH Overwrite Exploit
6865| [3531] Helix Server 11.0.1 - Remote Heap Overflow Exploit (win2k SP4)
6866| [3461] TFTP Server 1.3 - Remote Buffer Overflow Denial of Service Exploit
6867| [3444] MS Internet Explorer (FTP Server Response) DoS Exploit (MS07-016)
6868| [3432] TFTPDWIN Server 0.4.2 (UDP) Denial of Service Exploit
6869| [3418] Mercury/32 Mail Server <= 4.01b (check) Buffer Overflow Exploit PoC
6870| [3385] XM Easy Personal FTP Server 5.30 (ABOR) Format String DoS Exploit
6871| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
6872| [3329] Axigen eMail Server 2.0.0b2 (pop3) Remote Format String Exploit
6873| [3291] SAP Web Application Server 6.40 Arbitrary File Disclosure Exploit
6874| [3248] CA BrightStor ARCserve 11.5.2.0 (catirpc.dll) RPC Server DoS Exploit
6875| [3244] CA BrightStor ARCserve (lgserver.exe) Remote Stack Overflow Exploit
6876| [3209] Xt-Stats 2.4.0.b3 (server_base_dir) - Remote File Include (RFI) Vulnerability
6877| [3204] Citrix Metaframe Presentation Server Print Provider Buffer Overflow PoC
6878| [3182] Sami HTTP Server 2.0.1 (HTTP 404 - Object not found) DoS Exploit
6879| [3140] Sami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow Exploit
6880| [3138] Twilight Webserver 1.3.3.0 (GET) Remote Denial of Service Exploit
6881| [3127] Sami FTP Server 2.0.2 (USER/PASS) Remote Buffer Overflow PoC
6882| [3126] WFTPD Pro Server <= 3.25 SITE ADMN Remote Denial of Service Exploit
6883| [3113] Jshop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability
6884| [3107] FileCOPA FTP Server <= 1.01 (LIST) Remote BoF Exploit (meta)
6885| [3093] AllMyGuests <= 0.3.0 (AMG_serverpath) Remote Inclusion Vulnerabilities
6886| [3092] NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit meta
6887| [3063] Formbankserver 1.9 (Name) Directory Transversal Vulnerability
6888| [3056] Formbankserver 1.9 (Name) Remote Denial of Service Exploit
6889| [3038] Durian Web Application Server 3.02 Denial of Service Exploit
6890| [3037] Durian Web Application Server 3.02 Remote Buffer Overflow Exploit
6891| [3034] AIDeX Mini-WebServer <= 1.1 - Remote Denial of Service Crash Exploit
6892| [2985] acFTP FTP Server 1.5 (REST/PBSZ) Remote Denial of Service Exploit
6893| [2978] XM Easy Personal FTP Server 5.2.1 (USER) Format String DoS Exploit
6894| [2974] Http explorer Web Server 1.02 Directory Transversal Vulnerability
6895| [2972] DREAM FTP Server 1.0.2 (PORT) Remote Denial of Service Exploit
6896| [2961] Hewlett-Packard FTP Print Server <= 2.4.5 - Buffer Overflow (PoC)
6897| [2952] WinFtp Server 2.0.2 (PASV) Remote Denial of Service Exploit
6898| [2942] Star FTP Server 1.10 (RETR) Remote Denial of Service Exploit
6899| [2934] Sambar FTP Server 6.4 (SIZE) Remote Denial of Service Exploit
6900| [2926] Crob FTP Server 3.6.1 build 263 (LIST/NLST) Denial of Service Exploit
6901| [2916] Golden FTP server 1.92 (USER/PASS) Heap Overflow PoC
6902| [2914] Filezilla FTP Server <= 0.9.21 (LIST/NLST) Denial of Service Exploit
6903| [2901] Filezilla FTP Server 0.9.20b/0.9.21 (STOR) Denial of Service Exploit
6904| [2878] ContentServ 4.x - (admin/FileServer.php) File Disclosure Vulnerability
6905| [2734] WFTPD Pro Server 3.23.1.1 (APPE) Remote Buffer Overflow PoC
6906| [2729] Omni-NFS Server 5.2 (nfsd.exe) Remote Stack Overflow Exploit (meta)
6907| [2716] Essentia Web Server 2.15 (GET Request) Remote DoS Exploit
6908| [2715] XM Easy Personal FTP Server <= 5.2.1 - Remote Denial of Service Exploit
6909| [2699] EFS Easy Address Book Web Server <= 1.2 - Remote File Stream Exploit
6910| [2690] Easy File Sharing Web Server 4 Remote Information Stealer Exploit
6911| [2671] Novell eDirectory 8.8 NDS Server Remote Stack Overflow Exploit
6912| [2651] MiniHttpServer Web Forum & File Sharing Server 4.0 Add User Exploit
6913| [2650] RevilloC MailServer 1.x (RCPT TO) Remote Denial of Service Exploit
6914| [2601] Ipswitch IMail Server 2006 / 8.x (RCPT) Remote Stack Overflow Exploit
6915| [2445] NaviCOPA Web Server 2.01 (GET) Remote Buffer Overflow Exploit
6916| [2405] AllMyGuests <= 0.4.1 (cfg_serverpath) Remote File Include Vulnerability
6917| [2367] Mambo com_serverstat Component <= 0.4.4 File Include Vulnerability
6918| [2345] Mercur Mailserver 5.0 SP3 (IMAP) Remote Buffer Overflow Exploit (2)
6919| [2318] Web Server Creator 0.1 - (l) Remote Include Vulnerability
6920| [2258] MDaemon POP3 Server < 9.06 (USER) Remote Heap Overflow Exploit
6921| [2245] MDaemon POP3 Server < 9.06 (USER) Remote Buffer Overflow PoC
6922| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
6923| [2234] Easy File Sharing FTP Server 2.0 (PASS) Remote Exploit (PoC)
6924| [2079] eIQnetworks ESA (Syslog Server) Remote Buffer Overflow Exploit
6925| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
6926| [2047] FileCOPA FTP Server <= 1.01 (LIST) Remote Buffer Overflow Exploit
6927| [1976] Quake 3 Engine Client CG_ServerCommand() Remote Overflow Exploit
6928| [1949] XM Easy Personal FTP Server 5.0.1 (Port) Remote Overflow PoC
6929| [1924] Sun iPlanet Messaging Server 5.2 HotFix 1.16 Root Password Disclosure
6930| [1860] Bytehoard 2.1 (server.php) Remote File Include Vulnerability
6931| [1820] netPanzer 0.8 rev 952 (frameNum) Server Terminiation Exploit
6932| [1767] ActualAnalyzer Server <= 8.23 (rf) Remote File Include Vulnerability
6933| [1757] acFTP FTP Server <= 1.4 (USER) Remote Denial of Service Exploit
6934| [1754] FileCOPA FTP Server <= 1.01 (USER) Remote Pre-Auth DoS
6935| [1749] acFTP FTP Server <= 1.4 (USER) Remote Buffer Overflow PoC
6936| [1748] XM Easy Personal FTP Server <= 4.3 (USER) Remote Buffer Overflow PoC
6937| [1743] Golden FTP Server Pro 2.70 (APPE) Remote Buffer Overflow PoC
6938| [1739] Darwin Streaming Server <= 4.1.2 (parse_xml.cgi) Code Execution Exploit
6939| [1721] BL4 SMTP Server < 0.1.5 - Remote Buffer Overflow PoC
6940| [1681] Sybase EAServer 5.2 (WebConsole) Remote Stack Overflow Exploit
6941| [1680] Symantec Sygate Management Server (login) SQL Injection Exploit
6942| [1679] Novell Messenger Server 2.0 (Accept-Language) Remote Overflow Exploit
6943| [1652] ADODB < 4.70 (PhpOpenChat 3.0.x) Server.php SQL Injection Exploit
6944| [1593] Mercur Mailserver 5.0 SP3 (IMAP) Denial of Service Exploit
6945| [1592] Mercur Mailserver 5.0 SP3 (IMAP) Remote Buffer Overflow Exploit
6946| [1582] crossfire-server <= 1.9.0 SetUp() Remote Buffer Overflow Exploit
6947| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
6948| [1565] RevilloC MailServer 1.21 (USER) Remote Buffer Overflow Exploit PoC
6949| [1558] LieroX <= 0.62b Remote Server/Client Denial of Service Exploit
6950| [1552] XM Easy Personal FTP Server 1.0 (Port) Remote Overflow PoC
6951| [1531] ArGoSoft FTP Server <= 1.4.3.5 - Remote Buffer Overflow PoC
6952| [1483] Half-Life CSTRIKE Server <= 1.6 (non steam) Denial of Service Exploit
6953| [1463] SoftiaCom WMailserver 1.0 SMTP Remote Buffer Overflow Exploit (meta)
6954| [1462] Sami FTP Server 2.0.1 - Remote Buffer Overflow Exploit (cpp)
6955| [1455] Oracle Database Server 9i/10g (XML) Buffer Overflow Exploit
6956| [1452] Sami FTP Server 2.0.1 - Remote Buffer Overflow Exploit (meta)
6957| [1448] Sami FTP Server 2.0.1 - Remote Stack Based Buffer Overflow PoC
6958| [1422] Cerberus FTP Server <= 2.32 Denial of Service Exploit
6959| [1402] SCO Openserver 5.0.7 (termsh) Local Privilege Escalation Exploit
6960| [1381] Golden FTP Server <= 1.92 (APPE) Remote Overflow Exploit (meta)
6961| [1375] Mercury Mail Transport System 4.01b Remote Exploit (PH SERVER)
6962| [1373] Limbo <= 1.0.4.2 _SERVER[REMOTE_ADDR] Overwrite Remote Exploit
6963| [1371] Macromedia Flash Media Server 2 Remote Denial of Service Exploit
6964| [1336] FileZilla Server Terminal 0.9.4d Buffer Overflow PoC
6965| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
6966| [1287] GO-Global Windows Server <= 3.1.0.3270 Buffer Overflow (PoC)
6967| [1282] Blitzkrieg 2 <= 1.21 - (server/client) Denial of Service Exploit
6968| [1259] HP-UX FTP Server Preauthentication Directory Listing Exploit (meta)
6969| [1252] MuOnline Loopholes Web Server (pkok.asp) SQL Injection Exploit
6970| [1251] TYPSoft FTP Server <= 1.11 (RETR) Denial of Service Vulnerability
6971| [1235] MultiTheftAuto 0.5 patch 1 Server Crash and MOTD Deletion Exploit
6972| [1220] Fastream NETFile Web Server <= 7.1.2 (HEAD) DoS Exploit
6973| [1196] CUPS Server <= 1.1 (Get Request) Denial of Service Exploit
6974| [1193] Free SMTP Server <= 2.2 Spam Filter Vulnerability
6975| [1184] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
6976| [1178] MS Windows IIS 5.0 (500-100.asp) Server Name Spoof Exploit
6977| [1166] Inframail Advantage Server Edition 6.0 <= 6.37 - (FTP) BoF Exploit
6978| [1165] Inframail Advantage Server Edition 6.0 <= 6.37 - (SMTP) BoF Exploit
6979| [1163] IA eMailServer Corporate Edition Version <= 5.2.2 - DoS Exploit
6980| [1162] GoodTech SMTP Server <= 5.14 Denial of Service Exploit
6981| [1160] Golden FTP Server Pro <= 2.52 (USER) Remote Buffer Overflow Exploit
6982| [1159] Mercury/32 Mail Server <= 4.01a (check) Buffer Overflow Exploit
6983| [1158] WS_FTP Server <= 5.03 (RNFR) Buffer Overflow Exploit
6984| [1150] ZENworks 6.5 Desktop/Server Management Remote Stack Overflow
6985| [1129] Quick 'n EasY <= 3.0 FTP Server Remote Denial of Service Exploit
6986| [1127] ProRat Server <= 1.9 (Fix-2) Buffer Overflow Crash Exploit
6987| [1126] BusinessMail Server <= 4.60.00 Remote Denial of Service Exploit
6988| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
6989| [1121] FTPshell Server <= 3.38 Remote Denial of Service Exploit
6990| [1108] Small HTTP Server <= 3.05.28 Arbitrary Data Execution Exploit
6991| [1107] Remote Control Server 1.6.2 - Denial of Service Exploit
6992| [1101] wMailServer 1.0 - Remote Denial of Service Exploit
6993| [1099] Baby Web Server <= 2.6.2 Command Validation Exploit
6994| [1094] AnalogX SimpleServer:WWW <= 1.05 Denial of Service Exploit
6995| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
6996| [1047] ViRobot Advanced Server 2.0 (addschup) Remote Cookie Exploit
6997| [1035] IPSwitch IMAP Server LOGON Remote Stack Overflow
6998| [1028] Crob FTP Server <= 3.6.1 - Remote Stack Overflow Exploit
6999| [1027] FutureSoft TFTP Server 2000 Remote Denial of Service Exploit
7000| [981] dSMTP Mail Server 3.1b Linux Remote Root Format String Exploit
7001| [978] Ashley's Web Server Denial of Service Exploit
7002| [975] GlobalScape Secure FTP Server 3.0 - Buffer Overflow Exploit
7003| [971] BulletProof FTP Server 2.4.0.31 Local Privilege Escalation Exploit
7004| [969] Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (3rd)
7005| [968] Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit (2nd)
7006| [967] Golden FTP Server Pro 2.52 Remote Buffer Overflow Exploit
7007| [949] PMsoftware Simple Web Server 1.0 - Remote Stack Overflow Exploit
7008| [947] MS Exchange Server Remote Code Execution Exploit (MS05-021)
7009| [945] PMSoftware Simple Web Server (GET Request) Remote BoF Exploit
7010| [932] Oracle Database Server <= 10.1.0.2 - Buffer Overflow Exploit
7011| [908] ArGoSoft FTP Server <= 1.4.2.8 - Denial of Service Exploit
7012| [899] SPECTral Personal SMTP Server <= 0.4.2 - Denial of Service Exploit
7013| [893] Ocean FTP Server 1.00 Denial of Service Exploit
7014| [891] MCPWS Personal WebServer <= 1.3.21 Denial of Service Exploit
7015| [883] GoodTech Telnet Server < 5.0.7 - Remote BoF Exploit (updated)
7016| [882] GoodTech Telnet Server < 5.0.7 - Buffer Overflow Crash Exploit
7017| [880] Freeciv Server <= 2.0.0beta8 Denial of Service Exploit
7018| [859] CA License Server (GETCONFIG) Remote Buffer Overflow Exploit (c)
7019| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
7020| [849] Scrapland <= 1.0 Server Termination Denial of Service Exploit
7021| [847] BadBlue 2.55 Web Server Remote Buffer Overflow
7022| [841] "Soldier of Fortune 2 <= 1.03 ""cl_guid"" - Server Crash"
7023| [828] Knox Arkeia Server Backup 5.3.x Remote Root Exploit
7024| [826] Medal of Honor Spearhead Server Remote Buffer Overflow (Linux)
7025| [825] 3Com Ftp Server 2.0 - Remote Overflow Exploit
7026| [819] Savant Web Server 3.1 - Remote BoF (French Win OS support)
7027| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
7028| [810] Armagetron Advanced <= 0.2.7.0 Server Crash Exploit
7029| [799] Mac OS X AppleFileServer Remote Denial of Service Exploit
7030| [794] 3CServer 1.1 FTP Server Remote Exploit
7031| [787] Savant Web Server 3.1 - Remote Buffer OverflowExploit (win2003)
7032| [781] Savant Web Server 3.1 - Remote Buffer Overflow Exploit
7033| [780] Xpand Rally <= 1.0.0.0 (Server/Clients) Crash Exploit
7034| [767] Golden FTP Server <= 2.02b Remote Buffer Overflow Exploit
7035| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
7036| [693] Ability Server <= 2.34 Remote APPE Buffer Overflow Exploit
7037| [667] Jana Server <= 2.4.4 (http/pna) Denial of Service Exploit
7038| [664] WS_FTP Server <= 5.03 MKD Remote Buffer Overflow Exploit
7039| [658] MailEnable Mail Server IMAP <= 1.52 Remote Buffer Overflow Exploit
7040| [653] Soldier of Fortune II <= 1.3 Server/Client Denial of Service Exploit
7041| [644] DMS POP3 Server 1.5.3 build 37 - Buffer Overflow Exploit
7042| [628] NetNote Server <= 2.2 build 230 - Crafted String DoS Exploit
7043| [625] WinFTP Server 1.6 - Denial of Service Exploit
7044| [618] Ability Server 2.34 FTP STOR Buffer Overflow Exploit (Unix Exploit)
7045| [611] chesapeake tftp server 1.0 - Directory Traversal and DoS PoC exploit
7046| [602] SCO Openserver 5.0.7 (MMDF deliver) Local Root Exploit
7047| [594] BaSoMail Server 1.24 POP3/SMTP Remote Denial of Service Exploit
7048| [593] Quick 'n EasY VER 2.4 Ftp Server remote D.o.S
7049| [592] Ability Server <= 2.34 (APPE) Remote Buffer Overflow Exploit
7050| [588] Ability Server 2.34 FTP STOR Buffer Overflow
7051| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
7052| [583] SLX Server 6.1 Arbitrary File Creation Exploit (PoC)
7053| [551] MyServer 0.7.1 (POST) Denial of Service Exploit
7054| [471] Emulive Server4 7560 Remote Denial of Service Exploit
7055| [468] Pigeon Server <= 3.02.0143 Denial of Service Exploit
7056| [466] htpasswd Apache 1.3.31 - Local Exploit
7057| [439] BlackJumboDog FTP Server 3.6.1 - Remote Buffer Overflow Exploit
7058| [429] Ground Control <= 1.0.0.7 (Server/Client) Denial of Service Exploit
7059| [428] CesarFTP Server Long Command Denial of Service Exploit
7060| [427] WFTPD Pro Server 3.21 MLST Remote Denial of Service Exploit
7061| [426] TiTan FTP Server Long Command Heap Overflow PoC Exploit
7062| [423] Easy File Sharing Webserver 1.25 Denial of Service Exploit
7063| [419] BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit
7064| [401] IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility
7065| [391] Mac OS X <= 10.3.3 AppleFileServer Remote Root Overflow Exploit
7066| [382] Melange Chat Server 1.10 Remote Buffer Overflow Exploit
7067| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
7068| [362] Xitami Web Server Denial of Service Exploit
7069| [361] Flash FTP Server Directory Traversal
7070| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
7071| [358] Lexmark Multiple HTTP Servers Denial of Service Vulnerability
7072| [356] OverByte ICS FTP Server Remote Denial of Service Exploit
7073| [288] Progress Database Server 8.3b (prodb) Local Root Exploit
7074| [263] Netscape Enterprise Server 4.0/sparc/SunOS 5.7 - Remote Exploit
7075| [261] SCO OpenServer 5.0.5 Env Local Stack Overflow Exploit
7076| [228] Oops! 1.4.6 (one russi4n proxy-server) Heap Buffer Overflow Exploit
7077| [165] WS_FTP Server <= 4.0.2 ALLO Remote Buffer Overflow Exploit
7078| [161] Red Faction <= 1.20 Server Reply Remote Buffer Overflow Exploit
7079| [159] WFTPD Server <= 3.21 Remote Buffer Overflow Exploit
7080| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
7081| [127] Opera 7.22 - File Creation and Execution Exploit (Webserver)
7082| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
7083| [121] MS Frontpage Server Extensions fp30reg.dll Exploit (MS03-051)
7084| [116] NIPrint LPD-LPR Print Server <= 4.10 Remote Exploit
7085| [96] 4D WebSTAR FTP Server Suite Remote Buffer Overflow Exploit
7086| [94] MyServer 0.4.3 DoS
7087| [90] eMule/xMule/LMule OP_SERVERMESSAGE Format String Exploit
7088| [86] Real Server 7/8/9 Remote Root Exploit (Windows & Linux)
7089| [81] MS Windows 2000 RSVP Server Authority Hijacking PoC Exploit
7090| [79] DameWare Mini Remote Control Server SYSTEM Exploit
7091| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
7092| [65] MS Windows SQL Server Denial of Service Remote Exploit (MS03-031)
7093| [46] Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit
7094| [42] Winmail Mail Server 2.3 - Remote Format String Exploit
7095| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
7096| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
7097| [23] Real Server < 8.0.2 - Remote Exploit (Windows Platforms)
7098| [17] Xeneo Web Server 2.2.9.0 - Denial of Service Exploit
7099| [13] Chindi Server 1.0 - Denial of Service Exploit
7100| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
7101|
7102| OpenVAS (Nessus) - http://www.openvas.org:
7103| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
7104| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
7105| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
7106| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
7107| [835253] HP-UX Update for Apache Web Server HPSBUX02645
7108| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
7109| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
7110| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
7111| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
7112| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
7113| [802704] Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability
7114| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
7115| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
7116| [103122] Apache Web Server ETag Header Information Disclosure Weakness
7117| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
7118| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7119| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7120| [71291] FreeBSD Ports: trafficserver
7121| [10678] Apache /server-info accessible
7122| [10677] Apache /server-status accessible
7123|
7124| SecurityTracker - https://www.securitytracker.com:
7125| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
7126| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
7127| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7128| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7129| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
7130| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
7131| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
7132| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
7133| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
7134| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
7135| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
7136| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
7137| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
7138| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
7139| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
7140| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
7141| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
7142| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
7143| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
7144| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
7145| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
7146| [1006755] Inktomi Traffic Server Input Validation Flaw Lets Remote Users Execute Scripting Code in Arbitrary Security Domains
7147| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
7148| [1006533] Microsoft Firewall Service in ISA Server Has Unspecified Flaw That Lets Remote Users Stop Traffic
7149| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
7150| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
7151| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
7152| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
7153| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
7154| [1005472] IBM Web Traffic Express Caching Proxy Server Allows Cross-Site Scripting Attacks
7155| [1005471] IBM Web Traffic Express Caching Proxy Server Can Be Crashed By Remote Users
7156| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
7157| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
7158| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
7159| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
7160| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
7161| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
7162| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
7163| [1004691] Inktomi Traffic Edge Caching Server Buffer Overflow Lets Local Users Execute Arbitrary Code with Root Privileges
7164| [1004690] Inktomi Traffic Server Network Cache Buffer Overflow Lets Local Users Execute Arbitrary Code with Root Privileges
7165| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
7166| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
7167| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
7168| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
7169| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
7170| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
7171| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7172| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7173| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
7174| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
7175| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
7176| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
7177| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
7178| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
7179| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
7180| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
7181| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
7182| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
7183| [1001492] A1-Stats Web Server Traffic Monitoring Statistics Package Lets Remote Users View Files Anywhere on the Server and Overwrite the Contents of Some Existing Files
7184| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
7185| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
7186|
7187| OSVDB - http://www.osvdb.org:
7188| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
7189| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
7190| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
7191| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
7192| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
7193| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
7194| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
7195| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
7196| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
7197| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
7198| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
7199| [91082] IBM WebSphere Application Server (WAS) Plug-in WebSphere App Traffic IHS DoS
7200| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
7201| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
7202| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
7203| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
7204| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
7205| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
7206| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
7207| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
7208| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
7209| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
7210| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
7211| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
7212| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
7213| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
7214| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
7215| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
7216| [79879] NetDecision Traffic Grapher Server Web Request Parsing Traversal Arbitrary File Access
7217| [79652] NetDecision Traffic Grapher Server Web Request GET Header Parsing NetDecision Script File Source Code Disclosure
7218| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
7219| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
7220| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
7221| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
7222| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
7223| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
7224| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
7225| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
7226| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
7227| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
7228| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
7229| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
7230| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
7231| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
7232| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
7233| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
7234| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
7235| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
7236| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
7237| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
7238| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
7239| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
7240| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
7241| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
7242| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
7243| [63895] Apache HTTP Server mod_headers Unspecified Issue
7244| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
7245| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
7246| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
7247| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
7248| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
7249| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
7250| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
7251| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
7252| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
7253| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
7254| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
7255| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
7256| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
7257| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
7258| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
7259| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
7260| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
7261| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
7262| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
7263| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
7264| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
7265| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
7266| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
7267| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
7268| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
7269| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
7270| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
7271| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
7272| [52598] IBM WebSphere Application Server (WAS) Unspecified SSL Traffic Routing Weakness
7273| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
7274| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
7275| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
7276| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
7277| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
7278| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
7279| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
7280| [45688] Cisco Cisco Service Control Engine (SCE) SSH Server Management Interface Traffic Remote DoS
7281| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
7282| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
7283| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
7284| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
7285| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
7286| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
7287| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
7288| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
7289| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
7290| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
7291| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
7292| [40522] Alcatel-Lucent OmniPCX Enterprise Communications Server IP Fixation Remote VoIP Traffic Disclosure
7293| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
7294| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
7295| [40262] Apache HTTP Server mod_status refresh XSS
7296| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
7297| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
7298| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
7299| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
7300| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
7301| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
7302| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
7303| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
7304| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
7305| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
7306| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
7307| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
7308| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
7309| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
7310| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
7311| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
7312| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
7313| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
7314| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
7315| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
7316| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
7317| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
7318| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
7319| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
7320| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
7321| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
7322| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
7323| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
7324| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
7325| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
7326| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
7327| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
7328| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
7329| [20285] Apache HTTP Server Log File Control Character Injection
7330| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
7331| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
7332| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
7333| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
7334| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
7335| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
7336| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
7337| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
7338| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
7339| [18233] Apache HTTP Server htdigest user Variable Overfow
7340| [17738] Apache HTTP Server HTTP Request Smuggling
7341| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
7342| [16586] Apache HTTP Server Win32 GET Overflow DoS
7343| [16014] IBM Web Traffic Express Caching Proxy Server HTTP GET Request XSS
7344| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
7345| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
7346| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
7347| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7348| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7349| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7350| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7351| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7352| [12848] Apache HTTP Server htdigest realm Variable Overflow
7353| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7354| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7355| [12557] Apache HTTP Server prefork MPM accept Error DoS
7356| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7357| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7358| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7359| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7360| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7361| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7362| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7363| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7364| [10068] Apache HTTP Server htpasswd Local Overflow
7365| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7366| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7367| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7368| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7369| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7370| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7371| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7372| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7373| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7374| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7375| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7376| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7377| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7378| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7379| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7380| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7381| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7382| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7383| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7384| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7385| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7386| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7387| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7388| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7389| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7390| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7391| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7392| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7393| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7394| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7395| [9225] IBM Web Traffic Express Caching Proxy Server Location: Header XSS
7396| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7397| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7398| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7399| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7400| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7401| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7402| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7403| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7404| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7405| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7406| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7407| [7611] Apache HTTP Server mod_alias Local Overflow
7408| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7409| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7410| [6795] Inktomi Traffic-Server MiTM XSS
7411| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7412| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7413| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7414| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7415| [5030] Inktomi Traffic Server traffic_manager Overflow
7416| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7417| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7418| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7419| [4553] Apache HTTP Server ApacheBench Overflow DoS
7420| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7421| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7422| [4383] Apache HTTP Server Socket Race Condition DoS
7423| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7424| [4231] Apache Cocoon Error Page Server Path Disclosure
7425| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7426| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7427| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7428| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7429| [3322] mod_php for Apache HTTP Server Process Hijack
7430| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7431| [2733] Apache HTTP Server mod_rewrite Local Overflow
7432| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7433| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7434| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7435| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7436| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7437| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7438| [862] Apache HTTP Server SSI Error Page XSS
7439| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7440| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7441| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7442| [787] Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
7443| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7444| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7445| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7446| [637] Apache HTTP Server UserDir Directive Username Enumeration
7447| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7448| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7449| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7450| [561] Apache Web Servers mod_status /server-status Information Disclosure
7451| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7452| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7453| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7454| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7455| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7456| [222] Apache HTTP Server test-cgi Arbitrary File Access
7457| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7458| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
7459|_
445/tcp closed microsoft-ds
21571/tcp closed unknown
Service Info: OS: Unix
#######################################################################################################################################
 Anonymous JTSEC #OpDeathEathers Full Recon #8