Dec 14, 2019, 10:14 PM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.municipalidaddeantofagasta.cl ISP SERVICIOS INTERNET LTDA
4Continent South America Flag
5CL
6Country Chile Country Code CL
7Region Unknown Local time 14 Dec 2019 16:31 -03
8City Unknown Postal Code Unknown
9IP Address 190.113.1.104 Latitude -33.439
10 Longitude -70.643
11=======================================================================================================================================
12#######################################################################################################################################
13> www.municipalidaddeantofagasta.cl
14Server: 185.93.180.131
15Address: 185.93.180.131#53
16
17Non-authoritative answer:
18www.municipalidaddeantofagasta.cl canonical name = municipalidaddeantofagasta.cl.
19Name: municipalidaddeantofagasta.cl
20Address: 190.113.1.104
21>
22######################################################################################################################################
23Domain name: municipalidaddeantofagasta.cl
24Registrant name: I MUNICIPALIDAD DE ANTOFAGASTA (I MUNICIPALIDAD DE ANTOFAGASTA)
25Registrant organisation:
26Registrar name: NIC Chile
27Registrar URL: https://www.nic.cl
28Creation date: 2003-04-04 17:06:38 CLST
29Expiration date: 2027-04-29 13:06:38 CLST
30Name server: ns.municipalidadantofagasta.cl
31######################################################################################################################################
32[+] Target : www.municipalidaddeantofagasta.cl
33
34[+] IP Address : 190.113.1.104
35
36[+] Headers :
37
38[+] Date : Sat, 14 Dec 2019 19:53:25 GMT
39[+] Server : Apache
40[+] X-Powered-By : PHP/5.6.40
41[+] Connection : Close
42[+] Set-Cookie : 8d8b09f92a9584f058d8920be2989e03=66b3ca19b32d7c2712d04722b907e790; path=/; HttpOnly
43[+] Content-Length : 0
44[+] Content-Type : text/html; charset=UTF-8
45
46[+] SSL Certificate Information :
47
48[+] commonName : municipalidaddeantofagasta.cl
49[+] countryName : US
50[+] stateOrProvinceName : TX
51[+] localityName : Houston
52[+] organizationName : cPanel, Inc.
53[+] commonName : cPanel, Inc. Certification Authority
54[+] Version : 3
55[+] Serial Number : F34F1FB92651EFE79B3E2A4905F2C060
56[+] Not Before : Nov 16 00:00:00 2019 GMT
57[+] Not After : Feb 14 23:59:59 2020 GMT
58[+] OCSP : ('http://ocsp.comodoca.com',)
59[+] subject Alt Name : (('DNS', 'municipalidaddeantofagasta.cl'), ('DNS', 'cpanel.municipalidaddeantofagasta.cl'), ('DNS', 'mail.municipalidaddeantofagasta.cl'), ('DNS', 'webdisk.municipalidaddeantofagasta.cl'), ('DNS', 'webmail.municipalidaddeantofagasta.cl'), ('DNS', 'whm.municipalidaddeantofagasta.cl'), ('DNS', 'www.municipalidaddeantofagasta.cl'))
60[+] CA Issuers : ('http://crt.comodoca.com/cPanelIncCertificationAuthority.crt',)
61[+] CRL Distribution Points : ('http://crl.comodoca.com/cPanelIncCertificationAuthority.crl',)
62
63[+] Whois Lookup :
64
65[+] NIR : None
66[+] ASN Registry : lacnic
67[+] ASN : 22860
68[+] ASN CIDR : 190.113.0.0/19
69[+] ASN Country Code : CL
70[+] ASN Date : 2009-06-10
71[+] ASN Description : SERVICIOS INTERNET LTDA, CL
72[+] cidr : 190.113.0.0/19
73[+] name : None
74[+] handle : SIL
75[+] range : 190.113.0/19
76[+] description : SERVICIOS INTERNET LTDA
77[+] country : CL
78[+] state : None
79[+] city : None
80[+] address : None
81[+] postal_code : None
82[+] emails : ['lacnic@TECNOERA.COM']
83[+] created : 20090610
84[+] updated : 20090610
85######################################################################################################################################
86[i] Scanning Site: http://www.municipalidaddeantofagasta.cl
87
88
89
90B A S I C I N F O
91====================
92
93
94[+] Site Title:
95[+] IP address: 190.113.1.104
96[+] Web Server: Apache
97[+] CMS: Could Not Detect
98[+] Cloudflare: Not Detected
99[+] Robots File: Found
100
101-------------[ contents ]----------------
102User-agent: AhrefsBot
103Disallow: /
104
105User-agent: SemrushBot
106Disallow: /
107
108User-agent: oBot
109Disallow: /
110
111User-agent: bingbot
112Disallow: /
113
114User-agent: Firefox version 10 and lower - various robots
115Disallow: /
116
117User-agent: SemrushBot-SA
118Disallow: /
119-----------[end of contents]-------------
120
121
122
123W H O I S L O O K U P
124========================
125
126 %%
127%% This is the NIC Chile Whois server (whois.nic.cl).
128%%
129%% Rights restricted by copyright.
130%% See https://www.nic.cl/normativa/politica-publicacion-de-datos-cl.pdf
131%%
132
133Domain name: municipalidaddeantofagasta.cl
134Registrant name: I MUNICIPALIDAD DE ANTOFAGASTA (I MUNICIPALIDAD DE ANTOFAGASTA)
135Registrant organisation:
136Registrar name: NIC Chile
137Registrar URL: https://www.nic.cl
138Creation date: 2003-04-04 17:06:38 CLST
139Expiration date: 2027-04-29 13:06:38 CLST
140Name server: ns.municipalidadantofagasta.cl
141
142%%
143%% For communication with domain contacts please use website.
144%% See https://www.nic.cl/registry/Whois.do?d=municipalidaddeantofagasta.cl
145%%
146
147
148
149
150G E O I P L O O K U P
151=========================
152
153[i] IP Address: 190.113.1.104
154[i] Country: Chile
155[i] State:
156[i] City:
157[i] Latitude: -33.4378
158[i] Longitude: -70.6503
159
160
161
162
163H T T P H E A D E R S
164=======================
165
166
167[i] HTTP/1.1 403 Forbidden
168[i] Date: Sat, 14 Dec 2019 19:53:54 GMT
169[i] Server: Apache
170[i] X-Powered-By: PHP/5.6.40
171[i] Connection: Close
172[i] Set-Cookie: 8d8b09f92a9584f058d8920be2989e03=d756fd1638eacd2230ce34074daeae7f; path=/; HttpOnly
173[i] Content-Length: 0
174[i] Content-Type: text/html; charset=UTF-8
175
176
177
178
179D N S L O O K U P
180===================
181
182municipalidaddeantofagasta.cl. 599 IN TXT "v=spf1 ip4:190.113.1.104 +a +mx ~all"
183municipalidaddeantofagasta.cl. 599 IN SOA ns170.tecnoera.com. spcp.tecnoera.com. 2019041500 3600 1800 1209600 86400
184municipalidaddeantofagasta.cl. 599 IN NS ns171.tecnoera.com.
185municipalidaddeantofagasta.cl. 599 IN NS ns170.tecnoera.com.
186municipalidaddeantofagasta.cl. 599 IN A 190.113.1.104
187municipalidaddeantofagasta.cl. 599 IN MX 0 municipalidaddeantofagasta.cl.
188
189
190
191
192S U B N E T C A L C U L A T I O N
193====================================
194
195Address = 190.113.1.104
196Network = 190.113.1.104 / 32
197Netmask = 255.255.255.255
198Broadcast = not needed on Point-to-Point links
199Wildcard Mask = 0.0.0.0
200Hosts Bits = 0
201Max. Hosts = 1 (2^0 - 0)
202Host Range = { 190.113.1.104 - 190.113.1.104 }
203
204
205
206N M A P P O R T S C A N
207============================
208
209Starting Nmap 7.70 ( https://nmap.org ) at 2019-12-14 19:53 UTC
210Nmap scan report for municipalidaddeantofagasta.cl (190.113.1.104)
211Host is up (0.17s latency).
212rDNS record for 190.113.1.104: APP-05-LON-CP3.tecnoera.com
213
214PORT STATE SERVICE
21521/tcp open ftp
21622/tcp open ssh
21723/tcp filtered telnet
21880/tcp open http
219110/tcp open pop3
220143/tcp open imap
221443/tcp open https
2223389/tcp filtered ms-wbt-server
223
224Nmap done: 1 IP address (1 host up) scanned in 2.67 seconds
225
226
227
228S U B - D O M A I N F I N D E R
229==================================
230
231
232[i] Total Subdomains Found : 6
233
234[+] Subdomain: cpanel.municipalidaddeantofagasta.cl
235[-] IP: 190.113.1.104
236
237[+] Subdomain: webmail.municipalidaddeantofagasta.cl
238[-] IP: 190.113.1.104
239
240[+] Subdomain: omil.municipalidaddeantofagasta.cl
241[-] IP: 190.113.1.104
242
243[+] Subdomain: www.omil.municipalidaddeantofagasta.cl
244[-] IP: 190.113.1.104
245
246[+] Subdomain: whm.municipalidaddeantofagasta.cl
247[-] IP: 190.113.1.104
248
249[+] Subdomain: ns.municipalidaddeantofagasta.cl
250[-] IP: 190.113.1.104
251#######################################################################################################################################
252[+] Starting At 2019-12-14 14:53:45.550231
253[+] Collecting Information On: http://www.municipalidaddeantofagasta.cl/
254[#] Status: 403
255--------------------------------------------------
256[#] Web Server Detected: Apache
257[#] X-Powered-By: PHP/5.6.40
258[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
259- Date: Sat, 14 Dec 2019 19:53:45 GMT
260- Server: Apache
261- X-Powered-By: PHP/5.6.40
262- Connection: Close
263- Set-Cookie: 8d8b09f92a9584f058d8920be2989e03=6ce0776dfef8e6bc48b8d82f9fa3a7d4; path=/; HttpOnly
264- Content-Length: 0
265- Content-Type: text/html; charset=UTF-8
266--------------------------------------------------
267[#] Finding Location..!
268[#] status: success
269[#] country: Chile
270[#] countryCode: CL
271[#] region: VS
272[#] regionName: Region de Valparaiso
273[#] city: Viña del Mar
274[#] zip: 2520000
275[#] lat: -33.0293
276[#] lon: -71.5675
277[#] timezone: America/Santiago
278[#] isp: Latin American and Caribbean IP address Regional Registry
279[#] org: Servicios Internet Ltda
280[#] as: AS22860 Latin American and Caribbean IP address Regional Registry
281[#] query: 190.113.1.104
282--------------------------------------------------
283[x] Didn't Detect WAF Presence on: http://www.municipalidaddeantofagasta.cl/
284--------------------------------------------------
285[#] Starting Reverse DNS
286[-] Failed ! Fail
287--------------------------------------------------
288[!] Scanning Open Port
289[#] 21/tcp open ftp
290[#] 22/tcp open ssh
291[#] 26/tcp open rsftp
292[#] 53/tcp open domain
293[#] 80/tcp open http
294[#] 110/tcp open pop3
295[#] 143/tcp open imap
296[#] 443/tcp open https
297[#] 465/tcp open smtps
298[#] 587/tcp open submission
299[#] 993/tcp open imaps
300[#] 995/tcp open pop3s
301--------------------------------------------------
302[+] Collecting Information Disclosure!
303[#] Detecting sitemap.xml file
304[!] sitemap.xml File Found: http://www.municipalidaddeantofagasta.cl//sitemap.xml
305[#] Detecting robots.txt file
306[!] robots.txt File Found: http://www.municipalidaddeantofagasta.cl//robots.txt
307[#] Detecting GNU Mailman
308[!] GNU Mailman App Detected: http://www.municipalidaddeantofagasta.cl//mailman/admin
309[!] version: 2.1.29
310--------------------------------------------------
311[+] Crawling Url Parameter On: http://www.municipalidaddeantofagasta.cl/
312--------------------------------------------------
313[#] Searching Html Form !
314[-] No Html Form Found!?
315--------------------------------------------------
316[-] No DOM Paramter Found!?
317--------------------------------------------------
318[-] No internal Dynamic Parameter Found!?
319--------------------------------------------------
320[-] No external Dynamic Paramter Found!?
321--------------------------------------------------
322[-] No Internal Link Found!?
323--------------------------------------------------
324[-] No External Link Found!?
325--------------------------------------------------
326[#] Mapping Subdomain..
327[!] Found 7 Subdomain
328- webdisk.municipalidaddeantofagasta.cl
329- cpanel.municipalidaddeantofagasta.cl
330- webmail.municipalidaddeantofagasta.cl
331- omil.municipalidaddeantofagasta.cl
332- www.omil.municipalidaddeantofagasta.cl
333- whm.municipalidaddeantofagasta.cl
334- ns.municipalidaddeantofagasta.cl
335--------------------------------------------------
336[!] Done At 2019-12-14 14:54:17.266818
337#######################################################################################################################################
338Trying "municipalidaddeantofagasta.cl"
339;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25495
340;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
341
342;; QUESTION SECTION:
343;municipalidaddeantofagasta.cl. IN ANY
344
345;; ANSWER SECTION:
346municipalidaddeantofagasta.cl. 600 IN MX 0 municipalidaddeantofagasta.cl.
347municipalidaddeantofagasta.cl. 600 IN A 190.113.1.104
348municipalidaddeantofagasta.cl. 600 IN SOA ns170.tecnoera.com. spcp.tecnoera.com. 2019041500 3600 1800 1209600 86400
349municipalidaddeantofagasta.cl. 600 IN TXT "v=spf1 ip4:190.113.1.104 +a +mx ~all"
350municipalidaddeantofagasta.cl. 600 IN NS ns170.tecnoera.com.
351municipalidaddeantofagasta.cl. 600 IN NS ns171.tecnoera.com.
352
353;; ADDITIONAL SECTION:
354municipalidaddeantofagasta.cl. 600 IN A 190.113.1.104
355
356Received 237 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 176 ms
357#####################################################################################################################################
358[*] Processing domain municipalidaddeantofagasta.cl
359[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
360[+] Getting nameservers
361190.113.1.104 - ns170.tecnoera.com
362190.113.1.105 - ns171.tecnoera.com
363[-] Zone transfer failed
364
365[+] TXT records found
366"v=spf1 ip4:190.113.1.104 +a +mx ~all"
367
368[+] MX records found, added to target list
3690 municipalidaddeantofagasta.cl.
370
371[*] Scanning municipalidaddeantofagasta.cl for A records
372190.113.1.104 - municipalidaddeantofagasta.cl
373190.113.1.104 - cpanel.municipalidaddeantofagasta.cl
374190.113.1.104 - ftp.municipalidaddeantofagasta.cl
375190.113.1.104 - mail.municipalidaddeantofagasta.cl
376190.113.1.104 - ns.municipalidaddeantofagasta.cl
377190.113.1.104 - webdisk.municipalidaddeantofagasta.cl
378190.113.1.104 - webmail.municipalidaddeantofagasta.cl
379190.113.1.104 - whm.municipalidaddeantofagasta.cl
380190.113.1.104 - www.municipalidaddeantofagasta.cl
381190.113.1.104 - www2.municipalidaddeantofagasta.cl
382######################################################################################################################################
383 AVAILABLE PLUGINS
384 -----------------
385
386 OpenSslCipherSuitesPlugin
387 RobotPlugin
388 HttpHeadersPlugin
389 CompressionPlugin
390 OpenSslCcsInjectionPlugin
391 SessionRenegotiationPlugin
392 SessionResumptionPlugin
393 CertificateInfoPlugin
394 FallbackScsvPlugin
395 HeartbleedPlugin
396 EarlyDataPlugin
397
398
399
400 CHECKING HOST(S) AVAILABILITY
401 -----------------------------
402
403 190.113.1.104:443 => 190.113.1.104
404
405
406
407
408 SCAN RESULTS FOR 190.113.1.104:443 - 190.113.1.104
409 --------------------------------------------------
410
411 * TLSV1_1 Cipher Suites:
412 Server rejected all cipher suites.
413
414 * TLSV1 Cipher Suites:
415 Server rejected all cipher suites.
416
417 * Certificate Information:
418 Content
419 SHA1 Fingerprint: 7a44f4ffa300a83c8c6c2a306acb773c8e055d8c
420 Common Name: muniantofagasta.cl
421 Issuer: muniantofagasta.cl
422 Serial Number: 4788488509
423 Not Before: 2018-04-27 18:28:03
424 Not After: 2019-04-27 18:28:03
425 Signature Algorithm: sha256
426 Public Key Algorithm: RSA
427 Key Size: 2048
428 Exponent: 65537 (0x10001)
429 DNS Subject Alternative Names: ['muniantofagasta.cl', 'mail.muniantofagasta.cl', 'www.muniantofagasta.cl']
430
431 Trust
432 Hostname Validation: FAILED - Certificate does NOT match 190.113.1.104
433 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: self signed certificate
434 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: self signed certificate
435 Java CA Store (jdk-12.0.1): FAILED - Certificate is NOT Trusted: self signed certificate
436 Mozilla CA Store (2019-03-14): FAILED - Certificate is NOT Trusted: self signed certificate
437 Windows CA Store (2019-05-27): FAILED - Certificate is NOT Trusted: self signed certificate
438 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
439 Received Chain: muniantofagasta.cl
440 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
441 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
442 Received Chain Order: OK - Order is valid
443 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
444
445 Extensions
446 OCSP Must-Staple: NOT SUPPORTED - Extension not found
447 Certificate Transparency: NOT SUPPORTED - Extension not found
448
449 OCSP Stapling
450 NOT SUPPORTED - Server did not send back an OCSP response
451
452 * Deflate Compression:
453 OK - Compression disabled
454
455 * TLS 1.2 Session Resumption Support:
456 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
457 With TLS Tickets: OK - Supported
458
459 * OpenSSL CCS Injection:
460 OK - Not vulnerable to OpenSSL CCS injection
461
462 * SSLV3 Cipher Suites:
463 Server rejected all cipher suites.
464
465 * TLSV1_2 Cipher Suites:
466 Forward Secrecy OK - Supported
467 RC4 OK - Not Supported
468
469 Preferred:
470 None - Server followed client cipher suite preference.
471 Accepted:
472 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
473 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
474 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
475 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
476
477 * SSLV2 Cipher Suites:
478 Server rejected all cipher suites.
479
480 * ROBOT Attack:
481 OK - Not vulnerable, RSA cipher suites not supported
482
483 * Downgrade Attacks:
484 TLS_FALLBACK_SCSV: OK - Supported
485
486 * Session Renegotiation:
487 Client-initiated Renegotiation: OK - Rejected
488 Secure Renegotiation: OK - Supported
489
490 * TLSV1_3 Cipher Suites:
491 Server rejected all cipher suites.
492
493 * OpenSSL Heartbleed:
494 OK - Not vulnerable to Heartbleed
495
496
497 SCAN COMPLETED IN 39.82 S
498 -------------------------
499######################################################################################################################################
500
501Domains still to check: 1
502 Checking if the hostname municipalidaddeantofagasta.cl. given is in fact a domain...
503
504Analyzing domain: municipalidaddeantofagasta.cl.
505 Checking NameServers using system default resolver...
506 IP: 190.113.1.105 (Chile)
507 HostName: ns171.tecnoera.com Type: NS
508 HostName: APP-05-LON-CP3.tecnoera.com Type: PTR
509 IP: 190.113.1.104 (Chile)
510 HostName: ns170.tecnoera.com Type: NS
511 HostName: APP-05-LON-CP3.tecnoera.com Type: PTR
512
513 Checking MailServers using system default resolver...
514 IP: 190.113.1.104 (Chile)
515 HostName: ns170.tecnoera.com Type: NS
516 HostName: APP-05-LON-CP3.tecnoera.com Type: PTR
517 HostName: municipalidaddeantofagasta.cl Type: MX
518
519 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
520 No zone transfer found on nameserver 190.113.1.104
521 No zone transfer found on nameserver 190.113.1.105
522
523 Checking SPF record...
524
525 Checking 192 most common hostnames using system default resolver...
566 IP: 190.113.1.104 (Chile)
567 HostName: ns170.tecnoera.com Type: NS
568 HostName: APP-05-LON-CP3.tecnoera.com Type: PTR
569 HostName: municipalidaddeantofagasta.cl Type: MX
570 Type: SPF
571 HostName: www.municipalidaddeantofagasta.cl. Type: A
572 HostName: ftp.municipalidaddeantofagasta.cl. Type: A
573 HostName: mail.municipalidaddeantofagasta.cl. Type: A
574 HostName: ns.municipalidaddeantofagasta.cl. Type: A
575 HostName: webmail.municipalidaddeantofagasta.cl. Type: A
576 HostName: www2.municipalidaddeantofagasta.cl. Type: A
577
578 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
579 Checking netblock 190.113.1.0
580
581 Searching for municipalidaddeantofagasta.cl. emails in Google
582
583 Checking 2 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
584 Host 190.113.1.104 is up (reset ttl 64)
585 Host 190.113.1.105 is up (reset ttl 64)
586
587 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
588 Scanning ip 190.113.1.104 (www2.municipalidaddeantofagasta.cl.):
589 21/tcp open ftp syn-ack ttl 43 Pure-FTPd
590 22/tcp open ssh? syn-ack ttl 42
591 |_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
592 26/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
593 |_smtp-commands: Couldn't establish connection on port 26
594 53/tcp open domain syn-ack ttl 44 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
595 80/tcp open http syn-ack ttl 43 Apache httpd
596 110/tcp open pop3 syn-ack ttl 45 Dovecot pop3d
597 143/tcp open imap syn-ack ttl 43 Dovecot imapd
598 443/tcp open ssl/http syn-ack ttl 44 Apache httpd
599 465/tcp open ssl/smtp syn-ack ttl 45 Exim smtpd 4.92
600 |_smtp-commands: Couldn't establish connection on port 465
601 587/tcp open smtp syn-ack ttl 44 Exim smtpd 4.92
602 |_smtp-commands: Couldn't establish connection on port 587
603 993/tcp open imaps? syn-ack ttl 42
604 995/tcp open pop3s? syn-ack ttl 43
605 OS Info: Service Info: Host: app-05-lon-cp3.tecnoera.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
606 Scanning ip 190.113.1.105 (APP-05-LON-CP3.tecnoera.com (PTR)):
607 WebCrawling domain's web servers... up to 50 max links.
608
609 + URL to crawl: http://municipalidaddeantofagasta.cl
610 + Date: 2019-12-14
611
612 + Crawling URL: http://municipalidaddeantofagasta.cl:
613 + Links:
614 + Crawling http://municipalidaddeantofagasta.cl (timed out)
615 + Searching for directories...
616 + Searching open folders...
617
618
619 + URL to crawl: http://www.municipalidaddeantofagasta.cl.
620 + Date: 2019-12-14
621
622 + Crawling URL: http://www.municipalidaddeantofagasta.cl.:
623 + Links:
624 + Crawling http://www.municipalidaddeantofagasta.cl. (timed out)
625 + Searching for directories...
626 + Searching open folders...
627
628
629 + URL to crawl: http://ns.municipalidaddeantofagasta.cl.
630 + Date: 2019-12-14
631
632 + Crawling URL: http://ns.municipalidaddeantofagasta.cl.:
633 + Links:
634 + Crawling http://ns.municipalidaddeantofagasta.cl. (timed out)
635 + Searching for directories...
636 + Searching open folders...
637
638
639 + URL to crawl: http://www2.municipalidaddeantofagasta.cl.
640 + Date: 2019-12-14
641
642 + Crawling URL: http://www2.municipalidaddeantofagasta.cl.:
643 + Links:
644 + Crawling http://www2.municipalidaddeantofagasta.cl. (timed out)
645 + Searching for directories...
646 + Searching open folders...
647
648
649 + URL to crawl: http://ns170.tecnoera.com
650 + Date: 2019-12-14
651
652 + Crawling URL: http://ns170.tecnoera.com:
653 + Links:
654 + Crawling http://ns170.tecnoera.com (timed out)
655 + Searching for directories...
656 + Searching open folders...
657
658
659 + URL to crawl: http://ftp.municipalidaddeantofagasta.cl.
660 + Date: 2019-12-14
661
662 + Crawling URL: http://ftp.municipalidaddeantofagasta.cl.:
663 + Links:
664 + Crawling http://ftp.municipalidaddeantofagasta.cl. (timed out)
665 + Searching for directories...
666 + Searching open folders...
667
668
669 + URL to crawl: http://mail.municipalidaddeantofagasta.cl.
670 + Date: 2019-12-14
671
672 + Crawling URL: http://mail.municipalidaddeantofagasta.cl.:
673 + Links:
674 + Crawling http://mail.municipalidaddeantofagasta.cl. (timed out)
675 + Searching for directories...
676 + Searching open folders...
677
678
679 + URL to crawl: http://webmail.municipalidaddeantofagasta.cl.
680 + Date: 2019-12-14
681
682 + Crawling URL: http://webmail.municipalidaddeantofagasta.cl.:
683 + Links:
684 + Crawling http://webmail.municipalidaddeantofagasta.cl. (timed out)
685 + Searching for directories...
686 + Searching open folders...
687
688
689 + URL to crawl: https://municipalidaddeantofagasta.cl
690 + Date: 2019-12-14
691
692 + Crawling URL: https://municipalidaddeantofagasta.cl:
693 + Links:
694 + Crawling https://municipalidaddeantofagasta.cl (timed out)
695 + Searching for directories...
696 + Searching open folders...
697
698
699 + URL to crawl: https://www.municipalidaddeantofagasta.cl.
700 + Date: 2019-12-14
701
702 + Crawling URL: https://www.municipalidaddeantofagasta.cl.:
703 + Links:
704 + Crawling https://www.municipalidaddeantofagasta.cl. (timed out)
705 + Searching for directories...
706 + Searching open folders...
707
708
709 + URL to crawl: https://ns.municipalidaddeantofagasta.cl.
710 + Date: 2019-12-14
711
712 + Crawling URL: https://ns.municipalidaddeantofagasta.cl.:
713 + Links:
714 + Crawling https://ns.municipalidaddeantofagasta.cl. (timed out)
715 + Searching for directories...
716 + Searching open folders...
717
718
719 + URL to crawl: https://www2.municipalidaddeantofagasta.cl.
720 + Date: 2019-12-14
721
722 + Crawling URL: https://www2.municipalidaddeantofagasta.cl.:
723 + Links:
724 + Crawling https://www2.municipalidaddeantofagasta.cl. (timed out)
725 + Searching for directories...
726 + Searching open folders...
727
728
729 + URL to crawl: https://ns170.tecnoera.com
730 + Date: 2019-12-14
731
732 + Crawling URL: https://ns170.tecnoera.com:
733 + Links:
734 + Crawling https://ns170.tecnoera.com (timed out)
735 + Searching for directories...
736 + Searching open folders...
737
738
739 + URL to crawl: https://ftp.municipalidaddeantofagasta.cl.
740 + Date: 2019-12-14
741
742 + Crawling URL: https://ftp.municipalidaddeantofagasta.cl.:
743 + Links:
744 + Crawling https://ftp.municipalidaddeantofagasta.cl. (timed out)
745 + Searching for directories...
746 + Searching open folders...
747
748
749 + URL to crawl: https://mail.municipalidaddeantofagasta.cl.
750 + Date: 2019-12-14
751
752 + Crawling URL: https://mail.municipalidaddeantofagasta.cl.:
753 + Links:
754 + Crawling https://mail.municipalidaddeantofagasta.cl. (timed out)
755 + Searching for directories...
756 + Searching open folders...
757
758
759 + URL to crawl: https://webmail.municipalidaddeantofagasta.cl.
760 + Date: 2019-12-14
761
762 + Crawling URL: https://webmail.municipalidaddeantofagasta.cl.:
763 + Links:
764 + Crawling https://webmail.municipalidaddeantofagasta.cl. (timed out)
765 + Searching for directories...
766 + Searching open folders...
767
768--Finished--
769Summary information for domain municipalidaddeantofagasta.cl.
770-----------------------------------------
771
772 Domain Ips Information:
773 IP: 190.113.1.104
774 HostName: ns170.tecnoera.com Type: NS
775 HostName: APP-05-LON-CP3.tecnoera.com Type: PTR
776 HostName: municipalidaddeantofagasta.cl Type: MX
777 Type: SPF
778 HostName: www.municipalidaddeantofagasta.cl. Type: A
779 HostName: ftp.municipalidaddeantofagasta.cl. Type: A
780 HostName: mail.municipalidaddeantofagasta.cl. Type: A
781 HostName: ns.municipalidaddeantofagasta.cl. Type: A
782 HostName: webmail.municipalidaddeantofagasta.cl. Type: A
783 HostName: www2.municipalidaddeantofagasta.cl. Type: A
784 Country: Chile
785 Is Active: True (reset ttl 64)
786 Port: 21/tcp open ftp syn-ack ttl 43 Pure-FTPd
787 Port: 22/tcp open ssh? syn-ack ttl 42
788 Script Info: |_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
789 Port: 26/tcp open smtp syn-ack ttl 42 Exim smtpd 4.92
790 Script Info: |_smtp-commands: Couldn't establish connection on port 26
791 Port: 53/tcp open domain syn-ack ttl 44 ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
792 Port: 80/tcp open http syn-ack ttl 43 Apache httpd
793 Port: 110/tcp open pop3 syn-ack ttl 45 Dovecot pop3d
794 Port: 143/tcp open imap syn-ack ttl 43 Dovecot imapd
795 Port: 443/tcp open ssl/http syn-ack ttl 44 Apache httpd
796 Port: 465/tcp open ssl/smtp syn-ack ttl 45 Exim smtpd 4.92
797 Script Info: |_smtp-commands: Couldn't establish connection on port 465
798 Port: 587/tcp open smtp syn-ack ttl 44 Exim smtpd 4.92
799 Script Info: |_smtp-commands: Couldn't establish connection on port 587
800 Port: 993/tcp open imaps? syn-ack ttl 42
801 Port: 995/tcp open pop3s? syn-ack ttl 43
802 Os Info: Host: app-05-lon-cp3.tecnoera.com; OS: Linux; CPE: cpe:/o:redhat:enterprise_linux:6
803 IP: 190.113.1.105
804 HostName: ns171.tecnoera.com Type: NS
805 HostName: APP-05-LON-CP3.tecnoera.com Type: PTR
806 Country: Chile
807 Is Active: True (reset ttl 64)
808
809--------------End Summary --------------
810-----------------------------------------
811#######################################################################################################################################
812traceroute to www.municipalidaddeantofagasta.cl (190.113.1.104), 30 hops max, 60 byte packets
813 1 10.247.204.1 (10.247.204.1) 165.795 ms 327.036 ms 327.038 ms
814 2 213.184.122.97 (213.184.122.97) 327.100 ms 327.088 ms 327.216 ms
815 3 bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9) 326.940 ms 326.897 ms 326.894 ms
816 4 bzq-179-124-185.cust.bezeqint.net (212.179.124.185) 326.882 ms 326.868 ms 326.851 ms
817 5 bzq-219-189-126.dsl.bezeqint.net (62.219.189.126) 489.734 ms bzq-179-124-153.cust.bezeqint.net (212.179.124.153) 489.674 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1) 326.795 ms
818 6 bzq-219-189-78.dsl.bezeqint.net (62.219.189.78) 489.701 ms bzq-219-189-17.cablep.bezeqint.net (62.219.189.17) 215.871 ms bzq-219-189-86.dsl.bezeqint.net (62.219.189.86) 211.213 ms
819 7 bzq-161-218.pop.bezeqint.net (212.179.161.218) 411.646 ms et-0-0-19.cr2-fra6.ip4.gtt.net (89.149.133.62) 411.588 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 411.538 ms
820 8 et-0-0-1.cr2-fra6.ip4.gtt.net (213.200.117.138) 411.495 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 411.540 ms *
821 9 et-0-0-1.cr2-fra6.ip4.gtt.net (213.200.117.138) 411.356 ms * 411.330 ms
82210 GBLX-level3-80G.Frankfurt1.Level3.net (4.68.63.50) 411.407 ms * *
82311 GBLX-level3-80G.Frankfurt1.Level3.net (4.68.63.50) 411.283 ms 411.293 ms 225.650 ms
82412 * 190.216.150.18 (190.216.150.18) 607.692 ms *
82513 * 190.216.150.18 (190.216.150.18) 809.039 ms *
82614 190.216.150.18 (190.216.150.18) 808.926 ms 808.915 ms TCN-05-LON-GW-NW-42.TECNOERA.COM (200.24.224.42) 808.870 ms
82715 TCN-05-LON-GW-NW-42.TECNOERA.COM (200.24.224.42) 808.825 ms * *
828#######################################################################################################################################
829----- municipalidaddeantofagasta.cl -----
830
831
832Host's addresses:
833__________________
834
835municipalidaddeantofagasta.cl. 140 IN A 190.113.1.104
836
837
838Name Servers:
839______________
840
841ns170.tecnoera.com. 59 IN A 190.113.1.104
842ns171.tecnoera.com. 60 IN A 190.113.1.105
843
844
845Mail (MX) Servers:
846___________________
847
848municipalidaddeantofagasta.cl. 137 IN A 190.113.1.104
849
850
851
852Scraping municipalidaddeantofagasta.cl subdomains from Google:
853_______________________________________________________________
854
855
856 ---- Google search page: 1 ----
857
858 mail
859
860 ---- Google search page: 2 ----
861
862 mail
863 mail
864 mail
865 mail
866
867 ---- Google search page: 3 ----
868
869 mail
870 mail
871 mail
872 mail
873 mail
874 mail
875 mail
876
877 ---- Google search page: 4 ----
878
879 mail
880 mail
881 mail
882
883
884Google Results:
885________________
886
887mail.municipalidaddeantofagasta.cl. 272 IN CNAME (
888municipalidaddeantofagasta.cl. 272 IN A 190.113.1.104
889
890
891Brute forcing with /usr/share/dnsenum/dns.txt:
892_______________________________________________
893
894ftp.municipalidaddeantofagasta.cl. 190 IN CNAME (
895municipalidaddeantofagasta.cl. 190 IN A 190.113.1.104
896ns.municipalidaddeantofagasta.cl. 105 IN A 190.113.1.104
897webmail.municipalidaddeantofagasta.cl. 99 IN A 190.113.1.104
898www2.municipalidaddeantofagasta.cl. 54 IN A 190.113.1.104
899www.municipalidaddeantofagasta.cl. 600 IN CNAME (
900municipalidaddeantofagasta.cl. 600 IN A 190.113.1.104
901
902
903Launching Whois Queries:
904_________________________
905
906 whois ip result: 190.113.1.0 -> 190.113.0.0/19
907
908
909municipalidaddeantofagasta.cl_____________________________
910
911 190.113.0.0/19
912######################################################################################################################################
913WARNING: Duplicate port number(s) specified. Are you alert enough to be using Nmap? Have some coffee or Jolt(tm).
914Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 16:30 EST
915Nmap scan report for APP-05-LON-CP3.tecnoera.com (190.113.1.104)
916Host is up (0.38s latency).
917Not shown: 482 filtered ports, 3 closed ports
918Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
919PORT STATE SERVICE
920 21/tcp open ftp
921 22/tcp open ssh
922 53/tcp open domain
923 80/tcp open http
924 110/tcp open pop3
925 143/tcp open imap
926 443/tcp open https
927 465/tcp open smtps
928 587/tcp open submission
929 993/tcp open imaps
930 995/tcp open pop3s
931
932Nmap done: 1 IP address (1 host up) scanned in 13.52 seconds
933######################################################################################################################################
934Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 16:30 EST
935Nmap scan report for APP-05-LON-CP3.tecnoera.com (190.113.1.104)
936Host is up (0.16s latency).
937Not shown: 2 filtered ports
938PORT STATE SERVICE
939 53/udp open domain
940 67/udp open|filtered dhcps
941 68/udp open|filtered dhcpc
942 69/udp open|filtered tftp
943 88/udp open|filtered kerberos-sec
944 123/udp open|filtered ntp
945 139/udp open|filtered netbios-ssn
946 161/udp open|filtered snmp
947 162/udp open|filtered snmptrap
948 389/udp open|filtered ldap
949 500/udp open|filtered isakmp
950 520/udp open|filtered route
951 2049/udp open|filtered nfs
952
953Nmap done: 1 IP address (1 host up) scanned in 2.92 seconds
954#####################################################################################################################################
955Starting Nmap 7.80 ( https://nmap.org ) at 2019-12-14 17:01 EST
956Nmap scan report for APP-05-LON-CP3.tecnoera.com (190.113.1.104)
957Host is up (0.27s latency).
958Not shown: 984 filtered ports
959PORT STATE SERVICE VERSION
960 20/tcp closed ftp-data
961 21/tcp open ftp Pure-FTPd
962| vulscan: VulDB - https://vuldb.com:
963| [102925] Foscam C1 Indoor HD Camera 2.52.2.37 Web Management Interface pureftpd.passwd HTTP Request privilege escalation
964| [57510] Pureftpd Pure-FTPd up to 0.x Memory Consumption denial of service
965| [57504] Pureftpd Pure-FTPd up to 0.x ftp_parser.c Cleartext unknown vulnerability
966|
967| MITRE CVE - https://cve.mitre.org:
968| [CVE-2004-0656] The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
969|
970| SecurityFocus - https://www.securityfocus.com/bid/:
971| [10664] PureFTPd Accept_Client Remote Denial of Service Vulnerability
972|
973| IBM X-Force - https://exchange.xforce.ibmcloud.com:
974| No findings
975|
976| Exploit-DB - https://www.exploit-db.com:
977| No findings
978|
979| OpenVAS (Nessus) - http://www.openvas.org:
980| No findings
981|
982| SecurityTracker - https://www.securitytracker.com:
983| [1010701] PureFTPd Logic Bug in accept_client() Lets Remote Users Crash the FTP Daemon
984| [1008135] (Claim is Retracted) PureFTPd Buffer Overflow in displayrate() Lets Remote Users Crash the Service
985| [1002993] PurePostPro Script Add-on for PureFTPd and MySQL Allows Remote Users to Execute SQL Commands on the Server
986| [1001126] PureFTPd May Allow Remote Users to Deny Service on the Server
987|
988| OSVDB - http://www.osvdb.org:
989| No findings
990|_
991 22/tcp open ssh?
992 25/tcp closed smtp
993 26/tcp open smtp Exim smtpd 4.92
994| vulscan: VulDB - https://vuldb.com:
995| [141327] Exim up to 4.92.1 Backslash privilege escalation
996| [138827] Exim up to 4.92 Expansion Code Execution
997| [135932] Exim up to 4.92 privilege escalation
998| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
999|
1000| MITRE CVE - https://cve.mitre.org:
1001| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
1002| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
1003| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
1004| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
1005| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
1006| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
1007| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
1008| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
1009| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
1010| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
1011| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
1012| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
1013| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
1014| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
1015| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
1016| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
1017|
1018| SecurityFocus - https://www.securityfocus.com/bid/:
1019| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
1020| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
1021| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
1022| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
1023| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
1024| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
1025| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
1026| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
1027| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
1028| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
1029| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
1030| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
1031| [45308] Exim Crafted Header Remote Code Execution Vulnerability
1032| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
1033| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
1034| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
1035| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
1036| [17110] sa-exim Unauthorized File Access Vulnerability
1037| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
1038| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
1039| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
1040| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
1041| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
1042| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
1043| [6314] Exim Internet Mailer Format String Vulnerability
1044| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
1045| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
1046| [2828] Exim Format String Vulnerability
1047| [1859] Exim Buffer Overflow Vulnerability
1048|
1049| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1050| [84758] Exim sender_address parameter command execution
1051| [84015] Exim command execution
1052| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
1053| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
1054| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
1055| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
1056| [67455] Exim DKIM processing code execution
1057| [67299] Exim dkim_exim_verify_finish() format string
1058| [65028] Exim open_log privilege escalation
1059| [63967] Exim config file privilege escalation
1060| [63960] Exim header buffer overflow
1061| [59043] Exim mail directory privilege escalation
1062| [59042] Exim MBX symlink
1063| [52922] ikiwiki teximg plugin information disclosure
1064| [34265] Exim spamd buffer overflow
1065| [25286] Sa-exim greylistclean.cron file deletion
1066| [22687] RHSA-2005:025 updates for exim not installed
1067| [18901] Exim dns_build_reverse buffer overflow
1068| [18764] Exim spa_base64_to_bits function buffer overflow
1069| [18763] Exim host_aton buffer overflow
1070| [16079] Exim require_verify buffer overflow
1071| [16077] Exim header_check_syntax buffer overflow
1072| [16075] Exim sender_verify buffer overflow
1073| [13067] Exim HELO or EHLO command heap overflow
1074| [10761] Exim daemon.c format string
1075| [8194] Exim configuration file -c command-line argument buffer overflow
1076| [7738] Exim allows attacker to hide commands in localhost names using pipes
1077| [6671] Exim "
1078| [1893] Exim MTA allows local users to gain root privileges
1079|
1080| Exploit-DB - https://www.exploit-db.com:
1081| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
1082| [15725] Exim 4.63 Remote Root Exploit
1083| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
1084| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
1085| [796] Exim <= 4.42 Local Root Exploit
1086| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
1087|
1088| OpenVAS (Nessus) - http://www.openvas.org:
1089| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
1090|
1091| SecurityTracker - https://www.securitytracker.com:
1092| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
1093| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
1094| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
1095| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
1096| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
1097| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
1098| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
1099| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
1100| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
1101| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
1102| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
1103| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
1104|
1105| OSVDB - http://www.osvdb.org:
1106| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
1107| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
1108| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
1109| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
1110| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
1111| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
1112| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
1113| [70696] Exim log.c open_log() Function Local Privilege Escalation
1114| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
1115| [69685] Exim string_format Function Remote Overflow
1116| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
1117| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
1118| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
1119| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
1120| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
1121| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
1122| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
1123| [12726] Exim -be Command Line Option host_aton Function Local Overflow
1124| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
1125| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
1126| [10032] libXpm CreateXImage Function Integer Overflow
1127| [7160] Exim .forward :include: Option Privilege Escalation
1128| [6479] Vexim COOKIE Authentication Credential Disclosure
1129| [6478] Vexim Multiple Parameter SQL Injection
1130| [5930] Exim Parenthesis File Name Filter Bypass
1131| [5897] Exim header_syntax Function Remote Overflow
1132| [5896] Exim sender_verify Function Remote Overflow
1133| [5530] Exim Localhost Name Arbitrary Command Execution
1134| [5330] Exim Configuration File Variable Overflow
1135| [1855] Exim Batched SMTP Mail Header Format String
1136|_
1137 53/tcp open domain ISC BIND 9.8.2rc1 (RedHat Enterprise Linux 6)
1138| vulscan: VulDB - https://vuldb.com:
1139| [93249] ISC BIND up to 9.8.x/9.9.9-P3/9.9.9-S5/9.10.4-P3/9.11.0 DNAME Response db.c denial of service
1140| [93015] ISC BIND up to 9.8.4/9.9.2 Packet Option DNS Packet Crash denial of service
1141| [80354] ISC BIND up to 9.8.8/9.9.8-P2/9.9.8-S3/9.10.3-P2 Address Prefix List apl_42.c denial of service
1142| [77552] ISC BIND up to 9.8.8/9.9.7-P2/9.10.2-P3 OpenPGP Key openpgpkey_61.c denial of service
1143| [77551] ISC BIND up to 9.8.8/9.9.7-P2/9.10.2-P3 DNSSEC Key buffer.c denial of service
1144| [13184] ISC BIND 9.8.1-P1 Smoothed Round Trip Time Algorithm DNS spoofing
1145| [9946] ISC BIND 9.8.1-P1 SRTT Algorithm privilege escalation
1146| [4443] ISC BIND up to 9.8.x Recursive Query Processor denial of service
1147| [57895] ISC BIND 9.8.0/9.8.1 Crash denial of service
1148| [4357] ISC BIND up to 9.8.x Negative Caching RRSIG RRsets denial of service
1149| [57404] ISC BIND 9.8.0 denial of service
1150| [135686] Bosch Smart Home Controller up to 9.8 Backup information disclosure
1151| [135684] Bosch Smart Home Controller up to 9.8 JSON-RPC Interface information disclosure
1152| [129940] Adobe Connect up to 9.8.1 Session Token information disclosure
1153| [117535] Synacor Zimbra Collaboration up to 8.6.0 Patch 9/8.7.11 Patch 2/8.8.7 mailboxd Error information disclosure
1154| [11371] Cisco ONS 15454 9.8.0 Controller Card denial of service
1155|
1156| MITRE CVE - https://cve.mitre.org:
1157| [CVE-2013-4854] The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
1158| [CVE-2013-3919] resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
1159| [CVE-2013-2266] libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
1160| [CVE-2012-5689] ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record.
1161| [CVE-2012-5688] ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
1162| [CVE-2012-5166] ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
1163| [CVE-2012-4244] ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
1164| [CVE-2012-1667] ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
1165| [CVE-2012-1033] The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
1166| [CVE-2011-4313] query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
1167| [CVE-2011-2465] Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
1168| [CVE-2011-2464] Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request.
1169| [CVE-2011-1910] Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
1170| [CVE-2011-1907] ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.
1171| [CVE-2010-1567] The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.
1172|
1173| SecurityFocus - https://www.securityfocus.com/bid/:
1174| [48264] Aastra 9480i CT Multiple Information Disclosure Vulnerabilities
1175| [61774] ISC BIND 9 SRTT Algorithm Authoritative Server Selection Security Vulnerability
1176| [61479] ISC BIND 9 DNS RDATA Handling CVE-2013-4854 Remote Denial of Service Vulnerability
1177| [58736] ISC BIND 9 'libdns' Remote Denial of Service Vulnerability
1178| [57556] ISC BIND 9 DNS64 CVE-2012-5689 Remote Denial of Service Vulnerability
1179| [56817] ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
1180| [55852] ISC BIND 9 DNS RDATA Handling CVE-2012-5166 Remote Denial of Service Vulnerability
1181| [55522] ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
1182| [54659] ISC BIND 9 TCP Query Remote Denial of Service Vulnerability
1183| [54658] ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability
1184| [53772] ISC BIND 9 DNS Resource Records Handling Remote Denial of Service Vulnerability
1185| [50690] ISC BIND 9 Recursive Queries Remote Denial of Service Vulnerability
1186| [48566] ISC BIND 9 Unspecified Packet Processing Remote Denial of Service Vulnerability
1187| [48565] ISC BIND 9 RPZ Configurations Remote Denial of Service Vulnerabilities
1188| [48007] ISC BIND 9 Large RRSIG RRsets Remote Denial of Service Vulnerability
1189| [47734] ISC BIND 9 RRSIG Query Type Remote Denial of Service Vulnerability
1190| [46491] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
1191| [45385] ISC BIND 9 DNSSEC Validation Remote Denial of Service Vulnerability
1192| [45133] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
1193| [41730] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
1194| [37865] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
1195| [37118] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
1196| [35848] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
1197| [25076] ISC BIND 9 Default ACL Settings Recursive Queries And Cached Content Security Bypass Vulnerability
1198| [25037] ISC BIND 9 Remote Cache Poisoning Vulnerability
1199| [4936] ISC BIND 9 Remote Denial Of Service Vulnerability
1200|
1201| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1202| [85799] Cisco Unified IP Phones 9900 Series directory traversal
1203| [75412] Cisco Unified IP Phones 9900 series RT privilege escalation
1204| [68733] Cisco 9000 Series Aggregation Service Router IPv4 packet denial of service
1205| [9704] Multiple Lucent router UDP port 9 could disclose sensitive information
1206| [9250] BIND 9 dns_message_findtype() denial of service
1207| [1852] BIND prior to 4.9.7 buffer overflow affects Digital Firewall 97 users
1208| [539] Microsoft Windows 95 and Internet Explorer password disclosure
1209| [86004] ISC BIND RDATA denial of service
1210| [84767] ISC BIND denial of service
1211| [83066] ISC BIND denial of service
1212| [81504] ISC BIND AAAA denial of service
1213| [80510] ISC BIND DNS64 denial of service
1214| [79121] ISC BIND queries denial of service
1215| [78479] ISC BIND RDATA denial of service
1216| [77185] ISC BIND TCP queries denial of service
1217| [77184] ISC BIND bad cache denial of service
1218| [76034] ISC BIND rdata denial of service
1219| [73053] ISC BIND cache update policy security bypass
1220| [71332] ISC BIND recursive queries denial of service
1221| [68375] ISC BIND UPDATE denial of service
1222| [68374] ISC BIND Response Policy Zones denial of service
1223| [67665] ISC BIND RRSIG Rrsets denial of service
1224| [67297] ISC BIND RRSIG denial of service
1225| [65554] ISC BIND IXFR transfer denial of service
1226| [63602] ISC BIND allow-query security bypass
1227| [63596] ISC BIND zone data security bypass
1228| [63595] ISC BIND RRSIG denial of service
1229| [62072] ISC BIND DNSSEC query denial of service
1230| [62071] ISC BIND ACL security bypass
1231| [61871] ISC BIND anchors denial of service
1232| [60421] ISC BIND RRSIG denial of service
1233| [56049] ISC BIND out-of-bailiwick weak security
1234| [55937] ISC Bind unspecified cache poisoning
1235| [55753] ISC BIND DNSSEC NSEC/NSEC3 cache poisoning
1236| [54416] ISC BIND DNSSEC cache poisoning
1237| [52073] ISC BIND dns_db_findrdataset() denial of service
1238| [47409] Multiple Mozilla products XBL loadBindingDocument information disclosure
1239| [45234] ISC BIND UDP denial of service
1240| [39670] ISC BIND inet_network buffer overflow
1241| [37233] libgssapi ISC BIND Novell SUSE Linux Enterprise Server GSS-TSIG request denial of service
1242| [37128] RHSA update for ISC BIND RRset denial of service not installed
1243| [37127] RHSA update for ISC BIND named service denial of service not installed
1244| [36275] ISC BIND DNS query spoofing
1245| [35575] ISC BIND query ID cache poisoning
1246| [35571] ISC BIND ACL security bypass
1247| [31838] ISC BIND RRset denial of service
1248| [31799] ISC BIND named service denial of service
1249| [29876] HP Tru64 ypbind core dump information disclosure
1250| [28745] ISC BIND DNSSEC RRset denial of service
1251| [28744] ISC BIND recursive INSIST denial of service
1252| [22041] BEA WebLogic Server and Express LDAP anonymous bind information disclosure
1253| [18836] BIND hostname disclosure
1254| [10624] ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
1255| [10333] ISC BIND SIG null pointer dereference denial of service
1256| [10332] ISC BIND OPT resource record (RR) denial of service
1257| [10304] ISC BIND SIG cached resource records (RR) heap buffer overflow
1258| [7027] Cisco CBOS Web-based configuration utility binds to port 80 by default
1259| [5814] ISC BIND "
1260| [5540] ISC BIND can be remotely crashed by issuing ZXFR requests
1261| [5462] ISC BIND AXFR host command remote buffer overflow
1262|
1263| Exploit-DB - https://www.exploit-db.com:
1264| [17376] Aastra IP Phone 9480i Web Interface Data disclosure Vulnerability
1265| [9300] ISC BIND 9 Remote Dynamic Update Message Denial of Service PoC
1266|
1267| OpenVAS (Nessus) - http://www.openvas.org:
1268| [103090] ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
1269| [103031] ISC BIND 9 < 9.7.2-P2 Multiple Vulnerabilities
1270| [103030] ISC BIND 9 'RRSIG' Record Type Negative Cache Remote Denial of Service Vulnerability
1271| [100717] ISC BIND 9 'RRSIG' Record Type Remote Denial of Service Vulnerability
1272| [100458] ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability
1273| [100362] ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability
1274| [100251] ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
1275| [63208] Fedora Core 9 FEDORA-2009-0350 (bind)
1276| [11226] Oracle 9iAS default error information disclosure
1277|
1278| SecurityTracker - https://www.securitytracker.com:
1279| [1025811] Cisco ASR 9000 Series Router IPv4 Packet Processing Flaw Lets Remote Users Deny Service
1280| [1012995] BIND 9 Validator Assumption Error May Let Remote Users Deny Service
1281| [1005048] Oracle Enterprise Manager Web Service Component of Oracle 9i Application Server Discloses the Web Cache Administrator Password to Local Users
1282| [1003675] Oracle 9iAS Application Server Discloses CGI-BIN Script Source Code to Remote Users
1283| [1001186] Microsoft Windows Me Operating System and Windows 98 with the Plus! 98 Package Disclose Data Compression Passwords
1284| [1028901] (McAfee Issues Advisory for McAfee Email Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1285| [1028900] (McAfee Issues Advisory for McAfee Email and Web Security Appliance) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1286| [1028899] (McAfee Issues Fix for McAfee Web Gateway) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1287| [1028866] (McAfee Issues Fix for McAfee Firewall Enterprise) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1288| [1028854] (NetBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1289| [1028849] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1290| [1028848] (Red Hat Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1291| [1028839] (FreeBSD Issues Fix) ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1292| [1028838] ISC BIND RDATA Processing Bug Lets Remote Users Deny Service
1293| [1028632] ISC BIND RUNTIME_CHECK Error Lets Remote Users Deny Service Against Recursive Resolvers
1294| [1028046] ISC BIND DNS64 and Response Policy Zones (RPZ) Bug Lets Remote Users Deny Service
1295| [1027835] ISC BIND DNS64 Bug Lets Remote Users Deny Service
1296| [1027642] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
1297| [1027529] ISC BIND RDATA Processing Flaw Lets Remote Users Deny Service
1298| [1026647] ISC BIND Cache Update Policy Can Be Bypassed to Allow Revoked Domain Names to Remain Resolvable
1299| [1026335] ISC BIND Invalid Record Caching Flaw Lets Remote Users Deny Service
1300| [1025743] ISC BIND Response Policy Zones DNAME/CNAME Processing Flaw Lets Remote Users Deny Service
1301| [1025742] ISC BIND Packet Processing Flaw Lets Remote Users Deny Service
1302| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
1303| [1003359] BindView NETinventory Discloses Password to Local Users During Auditing
1304| [1001721] BIND Domain Name System Software May Disclose DNS Transactional Signature (TSIG) Keys to Local Users
1305|
1306| OSVDB - http://www.osvdb.org:
1307| [72941] Aastra 9480i IP Phone Multiple Configuration File Direct Request Information Disclosure
1308|_
80/tcp open http Apache httpd
1310| vulscan: VulDB - https://vuldb.com:
1311| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
1312| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
1313| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
1314| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
1315| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
1316| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
1317| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
1318| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
1319| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
1320| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
1321| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
1322| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
1323| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
1324| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
1325| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
1326| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
1327| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
1328| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
1329| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
1330| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
1331| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
1332| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
1333| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
1334| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
1335| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
1336| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
1337| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
1338| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
1339| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
1340| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
1341| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
1342| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
1343| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
1344| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
1345| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
1346| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1347| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
1348| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
1349| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
1350| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
1351| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1352| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
1353| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
1354| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
1355| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
1356| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1357| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
1358| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
1359| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
1360| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
1361| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
1362| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
1363| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
1364| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
1365| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
1366| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
1367| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
1368| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
1369| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
1370| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
1371| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
1372| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
1373| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
1374| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
1375| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
1376| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1377| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
1378| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
1379| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
1380| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
1381| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
1382| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
1383| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
1384| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
1385| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
1386| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
1387| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
1388| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
1389| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
1390| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
1391| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
1392| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
1393| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
1394| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
1395| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
1396| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
1397| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
1398| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
1399| [136370] Apache Fineract up to 1.2.x sql injection
1400| [136369] Apache Fineract up to 1.2.x sql injection
1401| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
1402| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
1403| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
1404| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
1405| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
1406| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
1407| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
1408| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
1409| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
1410| [134416] Apache Sanselan 0.97-incubator Loop denial of service
1411| [134415] Apache Sanselan 0.97-incubator Hang denial of service
1412| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
1413| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
1414| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1415| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
1416| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
1417| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
1418| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
1419| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
1420| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
1421| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
1422| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
1423| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
1424| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
1425| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
1426| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
1427| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
1428| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
1429| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
1430| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
1431| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
1432| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
1433| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
1434| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
1435| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
1436| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
1437| [131859] Apache Hadoop up to 2.9.1 privilege escalation
1438| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
1439| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
1440| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
1441| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
1442| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
1443| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
1444| [130629] Apache Guacamole Cookie Flag weak encryption
1445| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
1446| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
1447| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
1448| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
1449| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
1450| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
1451| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
1452| [130123] Apache Airflow up to 1.8.2 information disclosure
1453| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
1454| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
1455| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
1456| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
1457| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1458| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1459| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
1460| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
1461| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
1462| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
1463| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
1464| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
1465| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
1466| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
1467| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
1468| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
1469| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
1470| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
1471| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1472| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
1473| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
1474| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
1475| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
1476| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
1477| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
1478| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
1479| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
1480| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
1481| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
1482| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
1483| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
1484| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
1485| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
1486| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
1487| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
1488| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
1489| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
1490| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
1491| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
1492| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
1493| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
1494| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
1495| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
1496| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
1497| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
1498| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
1499| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
1500| [127007] Apache Spark Request Code Execution
1501| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
1502| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
1503| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
1504| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
1505| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
1506| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
1507| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
1508| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
1509| [126346] Apache Tomcat Path privilege escalation
1510| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
1511| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
1512| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
1513| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
1514| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
1515| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
1516| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
1517| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
1518| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
1519| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
1520| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
1521| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
1522| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
1523| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
1524| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
1525| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
1526| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
1527| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
1528| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
1529| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
1530| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
1531| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
1532| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
1533| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
1534| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
1535| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
1536| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
1537| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
1538| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
1539| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
1540| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
1541| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
1542| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
1543| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
1544| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
1545| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
1546| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
1547| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
1548| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
1549| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
1550| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
1551| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
1552| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
1553| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
1554| [123197] Apache Sentry up to 2.0.0 privilege escalation
1555| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
1556| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
1557| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
1558| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
1559| [122800] Apache Spark 1.3.0 REST API weak authentication
1560| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
1561| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
1562| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
1563| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
1564| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
1565| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
1566| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
1567| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
1568| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
1569| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
1570| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
1571| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
1572| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
1573| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
1574| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
1575| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
1576| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
1577| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
1578| [121354] Apache CouchDB HTTP API Code Execution
1579| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
1580| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
1581| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
1582| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
1583| [120168] Apache CXF weak authentication
1584| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
1585| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
1586| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
1587| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
1588| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
1589| [119306] Apache MXNet Network Interface privilege escalation
1590| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
1591| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
1592| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
1593| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
1594| [118143] Apache NiFi activemq-client Library Deserialization denial of service
1595| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
1596| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
1597| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
1598| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
1599| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
1600| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
1601| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
1602| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
1603| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
1604| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
1605| [117115] Apache Tika up to 1.17 tika-server command injection
1606| [116929] Apache Fineract getReportType Parameter privilege escalation
1607| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
1608| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
1609| [116926] Apache Fineract REST Parameter privilege escalation
1610| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
1611| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
1612| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache Storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2013| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2014| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2015| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2016| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2017| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2018| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2019| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2020| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
2021| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
2022| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
2023| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
2024| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
2025| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
2026| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
2027| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
2028| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
2029| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
2030| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
2031| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
2417| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
2418| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
2419| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
2420| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
2421| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
2422| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
2423| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
2424| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
2425| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
2426| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
2427| [61229] Apache Sling up to 2.1.1 denial of service
2428| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
2429| [61094] Apache Roller up to 5.0 cross site scripting
2430| [61093] Apache Roller up to 5.0 cross site request forgery
2431| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
2432| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
2433| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
2434| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
2435| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
2436| [60708] Apache Qpid 0.12 unknown vulnerability
2437| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
2438| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
2439| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
2440| [4882] Apache Wicket up to 1.5.4 directory traversal
2441| [4881] Apache Wicket up to 1.4.19 cross site scripting
2442| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
2443| [60352] Apache Struts up to 2.2.3 memory corruption
2444| [60153] Apache Portable Runtime up to 1.4.3 denial of service
2445| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
2446| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
2447| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
2448| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
2449| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
2450| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
2451| [4571] Apache Struts up to 2.3.1.2 privilege escalation
2452| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
2453| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
2454| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
2455| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
2456| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
2457| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
2458| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
2459| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
2460| [59888] Apache Tomcat up to 6.0.6 denial of service
2461| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
2462| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
2463| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
2464| [59850] Apache Geronimo up to 2.2.1 denial of service
2465| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
2466| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
2467| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
2468| [58413] Apache Tomcat up to 6.0.10 spoofing
2469| [58381] Apache Wicket up to 1.4.17 cross site scripting
2470| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
2471| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
2472| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
2473| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
2474| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2475| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
2476| [57568] Apache Archiva up to 1.3.4 cross site scripting
2477| [57567] Apache Archiva up to 1.3.4 cross site request forgery
2478| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
2479| [4355] Apache HTTP Server APR apr_fnmatch denial of service
2480| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
2481| [57425] Apache Struts up to 2.2.1.1 cross site scripting
2482| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
2483| [57025] Apache Tomcat up to 7.0.11 information disclosure
2484| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
2485| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
2486| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
2487| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
2488| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
2489| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
2490| [56512] Apache Continuum up to 1.4.0 cross site scripting
2491| [4285] Apache Tomcat 5.x JVM getLocale denial of service
2492| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
2493| [4283] Apache Tomcat 5.x ServletContect privilege escalation
2494| [56441] Apache Tomcat up to 7.0.6 denial of service
2495| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
2496| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
2497| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
2498| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
2499| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
2500| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
2501| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
2502| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
2503| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
2504| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
2505| [54693] Apache Traffic Server DNS Cache unknown vulnerability
2506| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
2507| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
2508| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
2509| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
2510| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
2511| [54012] Apache Tomcat up to 6.0.10 denial of service
2512| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
2513| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
2514| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
2515| [52894] Apache Tomcat up to 6.0.7 information disclosure
2516| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
2517| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
2518| [52786] Apache Open For Business Project up to 09.04 cross site scripting
2519| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
2520| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
2521| [52584] Apache CouchDB up to 0.10.1 information disclosure
2522| [51757] Apache HTTP Server 2.0.44 cross site scripting
2523| [51756] Apache HTTP Server 2.0.44 spoofing
2524| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
2525| [51690] Apache Tomcat up to 6.0 directory traversal
2526| [51689] Apache Tomcat up to 6.0 information disclosure
2527| [51688] Apache Tomcat up to 6.0 directory traversal
2528| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
2529| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
2530| [50626] Apache Solr 1.0.0 cross site scripting
2531| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
2532| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
2533| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
2534| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
2535| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
2536| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
2537| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
2538| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
2539| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
2540| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
2541| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
2542| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
2543| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
2544| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
2545| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
2546| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
2547| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
2548| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
2549| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
2550| [47214] Apachefriends xampp 1.6.8 spoofing
2551| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
2552| [47162] Apachefriends XAMPP 1.4.4 weak authentication
2553| [47065] Apache Tomcat 4.1.23 cross site scripting
2554| [46834] Apache Tomcat up to 5.5.20 cross site scripting
2555| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
2556| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
2557| [86625] Apache Struts directory traversal
2558| [44461] Apache Tomcat up to 5.5.0 information disclosure
2559| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
2560| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
2561| [43663] Apache Tomcat up to 6.0.16 directory traversal
2562| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
2563| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
2564| [43516] Apache Tomcat up to 4.1.20 directory traversal
2565| [43509] Apache Tomcat up to 6.0.13 cross site scripting
2566| [42637] Apache Tomcat up to 6.0.16 cross site scripting
2567| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
2568| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
2569| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
2570| [40924] Apache Tomcat up to 6.0.15 information disclosure
2571| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
2572| [40922] Apache Tomcat up to 6.0 information disclosure
2573| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
2574| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
2575| [40656] Apache Tomcat 5.5.20 information disclosure
2576| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
2577| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
2578| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
2579| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
2580| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
2581| [40234] Apache Tomcat up to 6.0.15 directory traversal
2582| [40221] Apache HTTP Server 2.2.6 information disclosure
2583| [40027] David Castro Apache Authcas 0.4 sql injection
2584| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
2585| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
2586| [3414] Apache Tomcat WebDAV Stored privilege escalation
2587| [39489] Apache Jakarta Slide up to 2.1 directory traversal
2588| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
2589| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
2590| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
2591| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
2592| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
2593| [38524] Apache Geronimo 2.0 unknown vulnerability
2594| [3256] Apache Tomcat up to 6.0.13 cross site scripting
2595| [38331] Apache Tomcat 4.1.24 information disclosure
2596| [38330] Apache Tomcat 4.1.24 information disclosure
2597| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
2598| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
2599| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
2600| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
2601| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
2602| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
2603| [37292] Apache Tomcat up to 5.5.1 cross site scripting
2604| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
2605| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
2606| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
2607| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
2608| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
2609| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
2610| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
2611| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
2612| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
2613| [36225] XAMPP Apache Distribution 1.6.0a sql injection
2614| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
2615| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
2616| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
2617| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
2618| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
2619| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
2620| [34252] Apache HTTP Server denial of service
2621| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
2622| [33877] Apache Opentaps 0.9.3 cross site scripting
2623| [33876] Apache Open For Business Project unknown vulnerability
2624| [33875] Apache Open For Business Project cross site scripting
2625| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
2626| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
2627|
2628| MITRE CVE - https://cve.mitre.org:
2629| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
2630| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
2631| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
2632| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
2633| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
2634| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
2635| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
2636| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
2637| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
2638| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
2639| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
2640| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
2641| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
2642| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
2643| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
2644| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
2645| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
2646| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
2647| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
2648| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
2649| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
2650| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
2651| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
2652| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
2653| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
2654| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
2655| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
2656| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
2657| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
2658| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
2659| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2660| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
2661| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
2662| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
2663| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
2664| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
2665| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
2666| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
2667| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
2668| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
2669| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
2670| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2671| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2672| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2673| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
2674| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
2675| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
2676| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
2677| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
2678| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
2679| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
2680| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
2681| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
2682| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
2683| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
2684| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
2685| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
2686| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
2687| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
2688| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
2689| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
2690| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
2691| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
2692| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
2693| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2694| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
2695| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
2696| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
2697| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
2698| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
2699| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
2700| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
2701| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
2702| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
2703| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
2704| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
2705| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
2706| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
2707| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
2708| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
2709| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
2710| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
2711| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
2712| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
2713| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
2714| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
2715| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
2716| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
2717| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
2718| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
2719| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
2720| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
2721| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
2722| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
2723| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
2724| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
2725| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
2726| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
2727| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
2728| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
2729| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
2730| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
2731| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
2732| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
2733| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
2734| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
2735| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
2736| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
2737| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
2738| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
2739| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
2740| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
2741| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
2742| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
2743| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
2744| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
2745| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
2746| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
2747| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
2748| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
2749| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
2750| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
2751| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
2752| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
2753| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
2754| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
2755| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
2756| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
2757| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
2758| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
2759| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
2760| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
2761| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
2762| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
2763| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
2764| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
2765| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
2766| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
2767| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
2768| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
2769| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
2770| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
2771| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
2772| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
2773| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
2774| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
2775| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
2776| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
2777| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
2778| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
2779| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
2780| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
2781| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
2782| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
2783| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
2784| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
2785| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
2786| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
2787| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
2788| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
2789| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
2790| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
2791| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
2792| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2793| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
2794| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
2795| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
2796| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
2797| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
2798| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
2799| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
2800| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
2801| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
2802| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
2803| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
2804| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
2805| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
2806| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
2807| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
2808| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2809| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
2810| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
2811| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
2812| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
2813| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
2814| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
2815| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
2816| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
2817| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
2818| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
2819| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
2820| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
2821| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
2822| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
2823| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
2824| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
2825| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
2826| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
2827| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
2828| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
2829| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
2830| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
2831| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
2832| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
2833| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
2834| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
2835| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
2836| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
2837| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
2838| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
2839| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
2840| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
2841| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
2842| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
2843| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
2844| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
2845| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
2846| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
2847| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
2848| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
2849| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2850| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
2851| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
2852| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
2853| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
2854| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
2855| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
2856| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
2857| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
2858| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
2859| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
2860| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
2861| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
2862| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
2963| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
2964| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
2965| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
2966| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
2967| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
2968| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
2969| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
2970| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
2971| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
2972| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
2973| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
2974| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
2975| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
2976| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
2977| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
2978| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
2979| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
2980| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
2981| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
2982| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
2983| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
2984| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
2985| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
2986| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
2987| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
2988| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
2989| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
2990| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
2991| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
2992| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
2993| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
2994| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
2995| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
2996| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
2997| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
2998| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
2999| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3000| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3001| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3002| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3003| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3004| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3005| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecifeid parameters in Welcome web-app.
3006| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3007| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3008| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3009| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3010| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3011| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3012| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3013| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3014| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3015| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3016| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3017| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3018| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3019| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3020| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3021| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3022| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3023| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3024| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3025| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3026| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3027| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3028| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3029| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3030| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3031| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3032| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3033| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3034| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3035| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3036| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3037| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3038| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3039| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3040| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3041| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3042| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3043| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3044| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3045| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3046| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3047| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3048| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3049| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3050| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
3051| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3181| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3182| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3183| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3184| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3185| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3186| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3187| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3188| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3189| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3190| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3191| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3192| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3193| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3194| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3195| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3196| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3197| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3198| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3199| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3200| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3201| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3202| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3203| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3204| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3205| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3206| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3207| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
3208| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3209| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3210| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3211| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3212| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3213| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3214| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3215| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3216| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3217| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3218| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3219| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3220| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3221| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3222| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3223| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3224| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3225| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3226| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3227| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3228| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3229| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3230| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3231| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3232| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3233| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3234| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3235| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3236| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3237| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3238|
3239| SecurityFocus - https://www.securityfocus.com/bid/:
3240| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3241| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3242| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3243| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3244| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3245| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3246| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3247| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3248| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3249| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3250| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3251| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3252| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3253| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3254| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3255| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3256| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3257| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3258| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3259| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3260| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3261| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3262| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3263| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
3264| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
3265| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
3266| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
3267| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
3268| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
3269| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
3270| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
3271| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
3272| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
3273| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
3274| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
3275| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
3276| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
3277| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
3278| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
3279| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
3280| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
3281| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
3282| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
3283| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
3284| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
3285| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
3286| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
3287| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
3288| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
3289| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
3290| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
3291| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
3292| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
3293| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
3294| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
3295| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
3296| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
3297| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
3298| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
3299| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
3300| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
3301| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
3302| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
3303| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
3304| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
3305| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
3306| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
3307| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
3308| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
3309| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
3310| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
3311| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
3312| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
3313| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
3314| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
3315| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
3316| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
3317| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
3318| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
3319| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
3320| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
3321| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
3322| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
3323| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
3324| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
3325| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
3326| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
3327| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
3328| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
3329| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
3330| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
3331| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
3332| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
3333| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
3334| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
3335| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
3336| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
3337| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
3338| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
3339| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
3340| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
3341| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
3342| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
3343| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
3344| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
3345| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
3346| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
3347| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
3348| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
3349| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
3350| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
3351| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
3352| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
3353| [100447] Apache2Triad Multiple Security Vulnerabilities
3354| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
3355| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
3356| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
3357| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
3358| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
3359| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
3360| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
3361| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
3362| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
3363| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
3364| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
3365| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
3366| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
3367| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
3368| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
3369| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
3370| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
3371| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
3372| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
3373| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
3374| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
3375| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
3376| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
3377| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
3378| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
3379| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
3380| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
3381| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
3382| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
3383| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
3384| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
3385| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
3386| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
3387| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
3388| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
3389| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
3390| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
3391| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
3392| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
3393| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
3394| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
3395| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
3396| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
3397| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
3398| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
3399| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
3400| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
3401| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
3402| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
3403| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
3404| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
3405| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
3406| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
3407| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
3408| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
3409| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
3410| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
3411| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
3412| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
3413| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
3414| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
3415| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
3416| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
3417| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
3418| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
3419| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
3420| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
3421| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
3422| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
3423| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
3424| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
3425| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
3426| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
3427| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
3428| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
3429| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
3430| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
3431| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
3432| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
3433| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
3434| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
3435| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
3436| [95675] Apache Struts Remote Code Execution Vulnerability
3437| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
3438| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
3439| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
3440| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
3441| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
3442| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
3443| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
3444| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
3445| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
3446| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
3447| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
3448| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
3449| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
3450| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
3451| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
3452| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
3453| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
3454| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
3455| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
3456| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
3457| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
3458| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
3459| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
3460| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
3461| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
3462| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
3463| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
3464| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
3465| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
3466| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
3467| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
3468| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
3469| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
3470| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
3471| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
3472| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
3473| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
3474| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
3475| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
3476| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
3477| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
3478| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
3479| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
3480| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
3481| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
3482| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
3483| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
3484| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
3485| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
3486| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
3487| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
3488| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
3489| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
3490| [91736] Apache XML-RPC Multiple Security Vulnerabilities
3491| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
3492| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
3493| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
3494| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
3495| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
3496| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
3497| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
3498| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
3499| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
3500| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
3501| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
3502| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
3503| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
3504| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
3505| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
3506| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
3507| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
3508| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
3509| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
3510| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
3511| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
3512| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
3513| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
3514| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
3515| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
3516| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
3517| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
3518| [90482] Apache CVE-2004-1387 Local Security Vulnerability
3519| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
3520| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
3521| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
3522| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
3523| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
3524| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
3525| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
3526| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
3527| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
3528| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
3529| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
3530| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
3531| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
3532| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
3533| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
3534| [86399] Apache CVE-2007-1743 Local Security Vulnerability
3535| [86397] Apache CVE-2007-1742 Local Security Vulnerability
3536| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
3537| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
3538| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
3539| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
3540| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
3541| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
3542| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
3543| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
3544| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
3545| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
3546| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
3547| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
3548| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
3549| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
3550| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
3551| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
3552| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
3553| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
3554| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
3555| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
3556| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
3557| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
3558| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
3559| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
3560| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
3561| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
3562| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
3563| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
3564| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
3565| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
3566| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
3567| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
3568| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
3569| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
3570| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
3571| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
3572| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
3573| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
3574| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
3575| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
3576| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
3577| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
3578| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
3579| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
3580| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
3581| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
3582| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
3583| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
3584| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
3585| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
3586| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
3587| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
3588| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
3589| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
3590| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
3591| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
3592| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
3593| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
3594| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
3595| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
3596| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
3597| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
3598| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
3599| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
3600| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
3601| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
3602| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
3603| [76933] Apache James Server Unspecified Command Execution Vulnerability
3604| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
3605| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
3606| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
3607| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
3608| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
3609| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
3610| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
3611| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
3612| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
3613| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
3614| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
3615| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
3616| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
3617| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
3618| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
3619| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
3620| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
3621| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
3622| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
3623| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
3624| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
3625| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
3626| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
3627| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
3628| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
3629| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
3630| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
3631| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
3632| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
3633| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
3634| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
3635| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
3636| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
3637| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
3638| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
3639| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
3640| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
3641| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
3642| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
3643| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
3644| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
3645| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
3646| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
3647| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
3648| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
3649| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
3650| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
3651| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
3652| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
3653| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
3654| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
3655| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
3656| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
3657| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
3658| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
3659| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
3660| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
3661| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
3662| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
3663| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
3664| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
3665| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
3666| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
3667| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
3668| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
3669| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
3670| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
3671| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
3672| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
3673| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
3674| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
3675| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
3676| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
3677| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
3678| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
3679| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
3680| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
3681| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
3682| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
3683| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
3684| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
3685| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
3686| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
3687| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
3688| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
3689| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
3690| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
3691| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
3692| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
3693| [68229] Apache Harmony PRNG Entropy Weakness
3694| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
3695| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
3696| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
3697| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
3698| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
3699| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
3700| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
3701| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
3702| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
3703| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
3704| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
3705| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
3706| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
3707| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
3708| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
3709| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
3710| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
3711| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
3712| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
3713| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
3714| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
3715| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
3716| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
3717| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
3718| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
3719| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
3720| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
3721| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
3722| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
3723| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
3724| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
3725| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
3726| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
3727| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
3728| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
3729| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
3730| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
3731| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
3732| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
3733| [64780] Apache CloudStack Unauthorized Access Vulnerability
3734| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
3735| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
3736| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
3737| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
3738| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
3739| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
3740| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
3741| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
3742| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
3743| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
3744| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
3745| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
3746| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
3747| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
3748| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
3749| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
3750| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
3751| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
3752| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
3753| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
3754| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
3755| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
3756| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
3757| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
3758| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
3759| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
3760| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
3761| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
3762| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
3763| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
3764| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
3765| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
3766| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
3767| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
3768| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
3769| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
3770| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
3771| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
3772| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
3773| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
3774| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
3775| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
3776| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
3777| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
3778| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
3779| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
3780| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
3781| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
3782| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
3783| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
3784| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
3785| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
3786| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
3787| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
3788| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
3789| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
3790| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
3791| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
3792| [59670] Apache VCL Multiple Input Validation Vulnerabilities
3793| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
3794| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
3795| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
3796| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
3797| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
3798| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
3799| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
3800| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4231|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
4749| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
4750| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
4751| [10280] Apache HTTP Server shared memory scorecard overwrite
4752| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
4753| [10241] Apache HTTP Server Host: header cross-site scripting
4754| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
4755| [10208] Apache HTTP Server mod_dav denial of service
4756| [10206] HP VVOS Apache mod_ssl denial of service
4757| [10200] Apache HTTP Server stderr denial of service
4758| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
4759| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
4760| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
4761| [10098] Slapper worm targets OpenSSL/Apache systems
4762| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
4763| [9875] Apache HTTP Server .var file request could disclose installation path
4764| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
4765| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
4766| [9623] Apache HTTP Server ap_log_rerror() path disclosure
4767| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
4768| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
4769| [9396] Apache Tomcat null character to threads denial of service
4770| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
4771| [9249] Apache HTTP Server chunked encoding heap buffer overflow
4772| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
4773| [8932] Apache Tomcat example class information disclosure
4774| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
4775| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
4776| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
4777| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
4778| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
4779| [8400] Apache HTTP Server mod_frontpage buffer overflows
4780| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
4781| [8308] Apache "
4782| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
4783| [8119] Apache and PHP OPTIONS request reveals "
4784| [8054] Apache is running on the system
4785| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
4786| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
4787| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
4788| [7836] Apache HTTP Server log directory denial of service
4789| [7815] Apache for Windows "
4790| [7810] Apache HTTP request could result in unexpected behavior
4791| [7599] Apache Tomcat reveals installation path
4792| [7494] Apache "
4793| [7419] Apache Web Server could allow remote attackers to overwrite .log files
4794| [7363] Apache Web Server hidden HTTP requests
4795| [7249] Apache mod_proxy denial of service
4796| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
4797| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
4798| [7059] Apache "
4799| [7057] Apache "
4800| [7056] Apache "
4801| [7055] Apache "
4802| [7054] Apache "
4803| [6997] Apache Jakarta Tomcat error message may reveal information
4804| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
4805| [6970] Apache crafted HTTP request could reveal the internal IP address
4806| [6921] Apache long slash path allows directory listing
4807| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
4808| [6527] Apache Web Server for Windows and OS2 denial of service
4809| [6316] Apache Jakarta Tomcat may reveal JSP source code
4810| [6305] Apache Jakarta Tomcat directory traversal
4811| [5926] Linux Apache symbolic link
4812| [5659] Apache Web server discloses files when used with php script
4813| [5310] Apache mod_rewrite allows attacker to view arbitrary files
4814| [5204] Apache WebDAV directory listings
4815| [5197] Apache Web server reveals CGI script source code
4816| [5160] Apache Jakarta Tomcat default installation
4817| [5099] Trustix Secure Linux installs Apache with world writable access
4818| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
4819| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
4820| [4931] Apache source.asp example file allows users to write to files
4821| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
4822| [4205] Apache Jakarta Tomcat delivers file contents
4823| [2084] Apache on Debian by default serves the /usr/doc directory
4824| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
4825| [697] Apache HTTP server beck exploit
4826| [331] Apache cookies buffer overflow
4827|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
| [9] Apache HTTP Server 2.x Memory Leak Exploit
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
5111| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5112| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5113| [103122] Apache Web Server ETag Header Information Disclosure Weakness
5114| [103074] Apache Continuum Cross Site Scripting Vulnerability
5115| [103073] Apache Continuum Detection
5116| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5117| [101023] Apache Open For Business Weak Password security check
5118| [101020] Apache Open For Business HTML injection vulnerability
5119| [101019] Apache Open For Business service detection
5120| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
5121| [100923] Apache Archiva Detection
5122| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5123| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5124| [100813] Apache Axis2 Detection
5125| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5126| [100795] Apache Derby Detection
5127| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
5128| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5129| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5130| [100514] Apache Multiple Security Vulnerabilities
5131| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5132| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5133| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5134| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5135| [72626] Debian Security Advisory DSA 2579-1 (apache2)
5136| [72612] FreeBSD Ports: apache22
5137| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
5138| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
| SecurityTracker - https://www.securitytracker.com:
| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
5572| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
5573| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
5574| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
5575| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
5576| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
5577| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
5578| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
5579| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
5926| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
5927| [59000] Apache CXF Unsigned Message Policy Bypass
5928| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
5929| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
5930| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
5931| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
5932| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
5933| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
5934| [58993] Apache Hadoop browseBlock.jsp XSS
5935| [58991] Apache Hadoop browseDirectory.jsp XSS
5936| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
5937| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
5938| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
5939| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
5940| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
5941| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
5942| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
5943| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
5944| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
5945| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
5946| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
5947| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
5948| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
5949| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
5950| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
5951| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
5952| [58974] Apache Sling /apps Script User Session Management Access Weakness
5953| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
5954| [58931] Apache Geronimo Cookie Parameters Validation Weakness
5955| [58930] Apache Xalan-C++ XPath Handling Remote DoS
5956| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
5957| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
5958| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
5959| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
5960| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
5961| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
5962| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
5963| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
5964| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
5965| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
5966| [58805] Apache Derby Unauthenticated Database / Admin Access
5967| [58804] Apache Wicket Header Contribution Unspecified Issue
5968| [58803] Apache Wicket Session Fixation
5969| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
5970| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
5971| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
5972| [58799] Apache Tapestry Logging Cleartext Password Disclosure
5973| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
5974| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
5975| [58796] Apache Jetspeed Unsalted Password Storage Weakness
5976| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
5977| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
5978| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
5979| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
5980| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
5981| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
5982| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
5983| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
5984| [58775] Apache JSPWiki preview.jsp action Parameter XSS
5985| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
5986| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
5987| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
5988| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
5989| [58770] Apache JSPWiki Group.jsp group Parameter XSS
5990| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
5991| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
5992| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
5993| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
5994| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
5995| [58763] Apache JSPWiki Include Tag Multiple Script XSS
5996| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
5997| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
5998| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
5999| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
6000| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
6001| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
6002| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
6003| [58755] Apache Harmony DRLVM Non-public Class Member Access
6004| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
6005| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
6006| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
6007| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
6008| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
6009| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
6010| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
6011| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
6012| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
6013| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
6014| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
6015| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
6016| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
6017| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
6018| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
6019| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
6020| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
6021| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
6022| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
6023| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
6024| [58725] Apache Tapestry Basic String ACL Bypass Weakness
6025| [58724] Apache Roller Logout Functionality Failure Session Persistence
6026| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
6027| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
6028| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
6029| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
6030| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
6031| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
6032| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
6033| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
6034| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
6035| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
6036| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
6037| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
6038| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
6039| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
6040| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
6041| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
6042| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
6043| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
6044| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
6045| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
6046| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
6047| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
6048| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
6049| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
6050| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
6051| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
6052| [58687] Apache Axis Invalid wsdl Request XSS
6053| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
6054| [58685] Apache Velocity Template Designer Privileged Code Execution
6055| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
6056| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
6057| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
6058| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
6059| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
6060| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
6061| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
6062| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
6063| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
6064| [58667] Apache Roller Database Cleartext Passwords Disclosure
6065| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
6066| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
6067| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
6068| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
6069| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
6070| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
6071| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
6072| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
6073| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
6074| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
6075| [56984] Apache Xerces2 Java Malformed XML Input DoS
6076| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
6077| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
6078| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
6079| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
6080| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
6081| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
6082| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
6083| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
6084| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
6085| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
6086| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
6087| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
6088| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
6089| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
6090| [55056] Apache Tomcat Cross-application TLD File Manipulation
6091| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
6092| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
6093| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
6094| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
6095| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
6096| [54589] Apache Jserv Nonexistent JSP Request XSS
6097| [54122] Apache Struts s:a / s:url Tag href Element XSS
6098| [54093] Apache ActiveMQ Web Console JMS Message XSS
6099| [53932] Apache Geronimo Multiple Admin Function CSRF
6100| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
6101| [53930] Apache Geronimo /console/portal/ URI XSS
6102| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
6103| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
6104| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
6105| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
6106| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
6107| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
6108| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
6109| [53380] Apache Struts Unspecified XSS
6110| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
6111| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
6112| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
6113| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
6114| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
6115| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
6116| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
6117| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
6118| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
6119| [51151] Apache Roller Search Function q Parameter XSS
6120| [50482] PHP with Apache php_value Order Unspecified Issue
6121| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
6122| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
6123| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
6124| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
6125| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
6126| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
6127| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
6128| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
6129| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
6130| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
6131| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
6132| [47096] Oracle Weblogic Apache Connector POST Request Overflow
6133| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
6134| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
6135| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
6136| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
6137| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
6138| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
6139| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
6140| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
6141| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
6142| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
6143| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
6144| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
6145| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
6146| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
6147| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
6148| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
6149| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
6150| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
6151| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
6152| [43452] Apache Tomcat HTTP Request Smuggling
6153| [43309] Apache Geronimo LoginModule Login Method Bypass
6154| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
6155| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
6156| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
6157| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
6158| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
6159| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
6160| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
6161| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
6162| [42091] Apache Maven Site Plugin Installation Permission Weakness
6163| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
6164| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
6165| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
6166| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
6167| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
6168| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
6169| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
6170| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
6171| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
6172| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
6173| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
6174| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
6175| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
6176| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
6177| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
6178| [40262] Apache HTTP Server mod_status refresh XSS
6179| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
6180| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
6181| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
6182| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
6183| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
6184| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
6185| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
6186| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
6187| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
6188| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
6189| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
6190| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
6191| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
6192| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
6193| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
6194| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
6195| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
6196| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
6197| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
6198| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
6199| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
6200| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
6201| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
6202| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
6203| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
6204| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
6205| [36080] Apache Tomcat JSP Examples Crafted URI XSS
6206| [36079] Apache Tomcat Manager Uploaded Filename XSS
6207| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
6208| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
6209| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
6210| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
6211| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
6212| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
6213| [34881] Apache Tomcat Malformed Accept-Language Header XSS
6214| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
6215| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
6216| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
6217| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
6218| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
6219| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
6220| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
6221| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
6222| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
6223| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
6224| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
6225| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
6226| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
6227| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
6228| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
6229| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
6230| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
6231| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
6232| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
6233| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
6234| [32724] Apache mod_python _filter_read Freed Memory Disclosure
6235| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
6236| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
6237| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
6238| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
6239| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
6240| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
6241| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
6242| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
6243| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
6244| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
6245| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
6246| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
6247| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
6248| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
6249| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
6250| [24365] Apache Struts Multiple Function Error Message XSS
6251| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
6252| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
6253| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
6254| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
6255| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
6256| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
6257| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
6258| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
6259| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
6260| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
6261| [22459] Apache Geronimo Error Page XSS
6262| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
6263| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
6264| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
6265| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
6266| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
6267| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
6268| [21021] Apache Struts Error Message XSS
6269| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
6270| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
6271| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
6272| [20439] Apache Tomcat Directory Listing Saturation DoS
6273| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
6274| [20285] Apache HTTP Server Log File Control Character Injection
6275| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
6276| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
6277| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
6278| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
6279| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
6280| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
6281| [19821] Apache Tomcat Malformed Post Request Information Disclosure
6282| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
6283| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
6284| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
6285| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
6286| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
6287| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
6288| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
6289| [18233] Apache HTTP Server htdigest user Variable Overfow
6290| [17738] Apache HTTP Server HTTP Request Smuggling
6291| [16586] Apache HTTP Server Win32 GET Overflow DoS
6292| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
6293| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
6294| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
6295| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
6296| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
6297| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
6298| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
6299| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
6300| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
6301| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
6302| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
6303| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
6304| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
6305| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
6306| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
6307| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
6308| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
6309| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
6310| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
6311| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
6312| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
6313| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
6314| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
6315| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
6316| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
6317| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
6318| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
6319| [13304] Apache Tomcat realPath.jsp Path Disclosure
6320| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
6321| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
6322| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
6323| [12848] Apache HTTP Server htdigest realm Variable Overflow
6324| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
6325| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
6326| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
6327| [12557] Apache HTTP Server prefork MPM accept Error DoS
6328| [12233] Apache Tomcat MS-DOS Device Name Request DoS
6329| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
6330| [12231] Apache Tomcat web.xml Arbitrary File Access
6331| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
6332| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
6333| [12178] Apache Jakarta Lucene results.jsp XSS
6334| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
6335| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
6336| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
6337| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
6338| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
6339| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
6340| [10471] Apache Xerces-C++ XML Parser DoS
6341| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
6342| [10068] Apache HTTP Server htpasswd Local Overflow
6343| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
6344| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
6345| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
6346| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
6347| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
6348| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
6349| [9717] Apache HTTP Server mod_cookies Cookie Overflow
6350| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
6351| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
6352| [9714] Apache Authentication Module Threaded MPM DoS
6353| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
6354| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
6355| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
6356| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
6357| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
6358| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
6359| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
6360| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
6361| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
6362| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
6363| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
6364| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
6365| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
6366| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
6367| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
6368| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
6369| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
6370| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
6371| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
6372| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
6373| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
6374| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
6375| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
6376| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
6377| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
6378| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
6379| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
6380| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
6381| [9208] Apache Tomcat .jsp Encoded Newline XSS
6382| [9204] Apache Tomcat ROOT Application XSS
6383| [9203] Apache Tomcat examples Application XSS
6384| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
6385| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
6386| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
6387| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
6388| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
6389| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
6390| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
6391| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
6392| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
6393| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
6394| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
6395| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
6396| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
6397| [7611] Apache HTTP Server mod_alias Local Overflow
6398| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
6399| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
6400| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
6401| [6882] Apache mod_python Malformed Query String Variant DoS
6402| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
6403| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
6404| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
6405| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
6406| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
6407| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
6408| [5526] Apache Tomcat Long .JSP URI Path Disclosure
6409| [5278] Apache Tomcat web.xml Restriction Bypass
6410| [5051] Apache Tomcat Null Character DoS
6411| [4973] Apache Tomcat servlet Mapping XSS
6412| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
6413| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
6414| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
6415| [4568] mod_survey For Apache ENV Tags SQL Injection
6416| [4553] Apache HTTP Server ApacheBench Overflow DoS
6417| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
6418| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
6419| [4383] Apache HTTP Server Socket Race Condition DoS
6420| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
6421| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
6422| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
6423| [4231] Apache Cocoon Error Page Server Path Disclosure
6424| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
6425| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
6426| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
6427| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
6428| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
6429| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
6430| [3322] mod_php for Apache HTTP Server Process Hijack
6431| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
6432| [2885] Apache mod_python Malformed Query String DoS
6433| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
6434| [2733] Apache HTTP Server mod_rewrite Local Overflow
6435| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
6436| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
6437| [2149] Apache::Gallery Privilege Escalation
6438| [2107] Apache HTTP Server mod_ssl Host: Header XSS
6439| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
6440| [1833] Apache HTTP Server Multiple Slash GET Request DoS
6441| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
6442| [872] Apache Tomcat Multiple Default Accounts
6443| [862] Apache HTTP Server SSI Error Page XSS
6444| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
6445| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
6446| [845] Apache Tomcat MSDOS Device XSS
6447| [844] Apache Tomcat Java Servlet Error Page XSS
6448| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
6449| [838] Apache HTTP Server Chunked Encoding Remote Overflow
6450| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
6451| [775] Apache mod_python Module Importing Privilege Function Execution
6452| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
6453| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
6454| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
6455| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
6456| [637] Apache HTTP Server UserDir Directive Username Enumeration
6457| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
6458| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
6459| [562] Apache HTTP Server mod_info /server-info Information Disclosure
6460| [561] Apache Web Servers mod_status /server-status Information Disclosure
6461| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
6462| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
6463| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
6464| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
6465| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
6466| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
6467| [376] Apache Tomcat contextAdmin Arbitrary File Access
6468| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
6469| [222] Apache HTTP Server test-cgi Arbitrary File Access
6470| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
6471| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
6472|_
110/tcp open pop3 Dovecot pop3d
6474| vulscan: VulDB - https://vuldb.com:
6475| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
6476| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
6477| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
6478| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
6479| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
6480| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
6481| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
6482| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
6483| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
6484| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
6485| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
6486| [69835] Dovecot 2.2.0/2.2.1 denial of service
6487| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
6488| [65684] Dovecot up to 2.2.6 unknown vulnerability
6489| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
6490| [63692] Dovecot up to 2.0.15 spoofing
6491| [7062] Dovecot 2.1.10 mail-search.c denial of service
6492| [57517] Dovecot up to 2.0.12 Login directory traversal
6493| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
6494| [57515] Dovecot up to 2.0.12 Crash denial of service
6495| [54944] Dovecot up to 1.2.14 denial of service
6496| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
6497| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
6498| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
6499| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
6500| [53277] Dovecot up to 1.2.10 denial of service
6501| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
6502| [45256] Dovecot up to 1.1.5 directory traversal
6503| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
6504| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
6505| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
6506| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
6507| [40356] Dovecot 1.0.9 Cache unknown vulnerability
6508| [38222] Dovecot 1.0.2 directory traversal
6509| [36376] Dovecot up to 1.0.x directory traversal
6510| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
6511|
6512| MITRE CVE - https://cve.mitre.org:
6513| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
6514| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
6515| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
6516| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
6517| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
6518| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
6519| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
6520| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
6521| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
6522| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
6523| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
6524| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
6525| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
6526| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
6527| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
6528| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
6529| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
6530| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
6531| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
6532| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
6533| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
6534| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
6535| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
6536| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
6537| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
6538| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
6539| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
6540| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
6541| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
6542| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
6543| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
6544| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
6545| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
6546| [CVE-2002-0925] Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier.
6547| [CVE-2001-0143] vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
6548| [CVE-2000-1197] POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable names, which allows local users to cause a denial of service (lack of mail access) for other users by creating lock files for other mail boxes.
6549| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
6550|
6551| SecurityFocus - https://www.securityfocus.com/bid/:
6552| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
6553| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
6554| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
6555| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
6556| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
6557| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
6558| [67306] Dovecot Denial of Service Vulnerability
6559| [67219] akpop3d 'pszQuery' Remote Memory Corruption Vulnerability
6560| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
6561| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
6562| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
6563| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
6564| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
6565| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
6566| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
6567| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
6568| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
6569| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
6570| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
6571| [39838] tpop3d Remote Denial of Service Vulnerability
6572| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
6573| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
6574| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
6575| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
6576| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
6577| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
6578| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
6579| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
6580| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
6581| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
6582| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
6583| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
6584| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
6585| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
6586| [17961] Dovecot Remote Information Disclosure Vulnerability
6587| [16672] Dovecot Double Free Denial of Service Vulnerability
6588| [8495] akpop3d User Name SQL Injection Vulnerability
6589| [8473] Vpop3d Remote Denial Of Service Vulnerability
6590| [3990] ZPop3D Bad Login Logging Failure Vulnerability
6591| [2781] DynFX MailServer POP3d Denial of Service Vulnerability
6592|
6593| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6594| [86382] Dovecot POP3 Service denial of service
6595| [84396] Dovecot IMAP APPEND denial of service
6596| [80453] Dovecot mail-search.c denial of service
6597| [71354] Dovecot SSL Common Name (CN) weak security
6598| [67675] Dovecot script-login security bypass
6599| [67674] Dovecot script-login directory traversal
6600| [67589] Dovecot header name denial of service
6601| [63267] Apple Mac OS X Dovecot information disclosure
6602| [62340] Dovecot mailbox security bypass
6603| [62339] Dovecot IMAP or POP3 denial of service
6604| [62256] Dovecot mailbox security bypass
6605| [62255] Dovecot ACL entry security bypass
6606| [60639] Dovecot ACL plugin weak security
6607| [57267] Apple Mac OS X Dovecot Kerberos security bypass
6608| [56763] Dovecot header denial of service
6609| [54363] Dovecot base_dir privilege escalation
6610| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
6611| [46323] Dovecot dovecot.conf information disclosure
6612| [46227] Dovecot message parsing denial of service
6613| [45669] Dovecot ACL mailbox security bypass
6614| [45667] Dovecot ACL plugin rights security bypass
6615| [41085] Dovecot TAB characters authentication bypass
6616| [41009] Dovecot mail_extra_groups option unauthorized access
6617| [39342] Dovecot LDAP auth cache configuration security bypass
6618| [35767] Dovecot ACL plugin security bypass
6619| [34082] Dovecot mbox-storage.c directory traversal
6620| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
6621| [26578] Cyrus IMAP pop3d buffer overflow
6622| [26536] Dovecot IMAP LIST information disclosure
6623| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
6624| [24709] Dovecot APPEND command denial of service
6625| [13018] akpop3d authentication code SQL injection
6626| [7345] Slackware Linux imapd and ipop3d core dump
6627| [6269] imap, ipop2d and ipop3d buffer overflows
6628| [5923] Linuxconf vpop3d symbolic link
6629| [4918] IPOP3D, Buffer overflow attack
6630| [1560] IPOP3D, user login successful
6631| [1559] IPOP3D user login to remote host successful
6632| [1525] IPOP3D, user logout
6633| [1524] IPOP3D, user auto-logout
6634| [1523] IPOP3D, user login failure
6635| [1522] IPOP3D, brute force attack
6636| [1521] IPOP3D, user kiss of death logout
6637| [418] pop3d mktemp creates insecure temporary files
6638|
6639| Exploit-DB - https://www.exploit-db.com:
6640| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
6641| [23053] Vpop3d Remote Denial of Service Vulnerability
6642| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
6643| [11893] tPop3d 1.5.3 DoS
6644| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
6645| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
6646| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
6647| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
6648|
6649| OpenVAS (Nessus) - http://www.openvas.org:
6650| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
6651| [901025] Dovecot Version Detection
6652| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
6653| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
6654| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
6655| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
6656| [870607] RedHat Update for dovecot RHSA-2011:0600-01
6657| [870471] RedHat Update for dovecot RHSA-2011:1187-01
6658| [870153] RedHat Update for dovecot RHSA-2008:0297-02
6659| [863272] Fedora Update for dovecot FEDORA-2011-7612
6660| [863115] Fedora Update for dovecot FEDORA-2011-7258
6661| [861525] Fedora Update for dovecot FEDORA-2007-664
6662| [861394] Fedora Update for dovecot FEDORA-2007-493
6663| [861333] Fedora Update for dovecot FEDORA-2007-1485
6664| [860845] Fedora Update for dovecot FEDORA-2008-9202
6665| [860663] Fedora Update for dovecot FEDORA-2008-2475
6666| [860169] Fedora Update for dovecot FEDORA-2008-2464
6667| [860089] Fedora Update for dovecot FEDORA-2008-9232
6668| [840950] Ubuntu Update for dovecot USN-1295-1
6669| [840668] Ubuntu Update for dovecot USN-1143-1
6670| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
6671| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
6672| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
6673| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
6674| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
6675| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
6676| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
6677| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
6678| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
6679| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
6680| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
6681| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
6682| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
6683| [70259] FreeBSD Ports: dovecot
6684| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
6685| [66522] FreeBSD Ports: dovecot
6686| [65010] Ubuntu USN-838-1 (dovecot)
6687| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
6688| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
6689| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
6690| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
6691| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
6692| [62854] FreeBSD Ports: dovecot-managesieve
6693| [61916] FreeBSD Ports: dovecot
6694| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
6695| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
6696| [60528] FreeBSD Ports: dovecot
6697| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
6698| [60089] FreeBSD Ports: dovecot
6699| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
6700| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
6701|
6702| SecurityTracker - https://www.securitytracker.com:
6703| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
6704| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
6705| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
6706|
6707| OSVDB - http://www.osvdb.org:
6708| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
6709| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
6710| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
6711| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
6712| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
6713| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
6714| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
6715| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
6716| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
6717| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
6718| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
6719| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
6720| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
6721| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
6722| [66113] Dovecot Mail Root Directory Creation Permission Weakness
6723| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
6724| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
6725| [66110] Dovecot Multiple Unspecified Buffer Overflows
6726| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
6727| [64783] Dovecot E-mail Message Header Unspecified DoS
6728| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
6729| [62796] Dovecot mbox Format Email Header Handling DoS
6730| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
6731| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
6732| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
6733| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
6734| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
6735| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
6736| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
6737| [43137] Dovecot mail_extra_groups Symlink File Manipulation
6738| [42979] Dovecot passdbs Argument Injection Authentication Bypass
6739| [39876] Dovecot LDAP Auth Cache Security Bypass
6740| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
6741| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
6742| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
6743| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
6744| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
6745| [23281] Dovecot imap/pop3-login dovecot-auth DoS
6746| [23280] Dovecot Malformed APPEND Command DoS
6747| [14459] mmmail mmpop3d USER Command mmsyslog Function Format String
6748| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
6749| [5857] Linux pop3d Arbitrary Mail File Access
6750| [2471] akpop3d username SQL Injection
6751|_
139/tcp closed netbios-ssn
143/tcp open imap Dovecot imapd
6754| vulscan: VulDB - https://vuldb.com:
6755| [139289] cPanel up to 68.0.14 dovecot-xaps-plugin Format privilege escalation
6756| [134480] Dovecot up to 2.3.5.2 Submission-Login Crash denial of service
6757| [134479] Dovecot up to 2.3.5.2 IMAP Server Crash denial of service
6758| [134024] Dovecot up to 2.3.5.1 JSON Encoder Username Crash denial of service
6759| [132543] Dovecot up to 2.2.36.0/2.3.4.0 Certificate Impersonation weak authentication
6760| [119762] Dovecot up to 2.2.28 dict Authentication var_expand() denial of service
6761| [114012] Dovecot up to 2.2.33 TLS SNI Restart denial of service
6762| [114009] Dovecot SMTP Delivery Email Message Out-of-Bounds memory corruption
6763| [112447] Dovecot up to 2.2.33/2.3.0 SASL Auth Memory Leak denial of service
6764| [106837] Dovecot up to 2.2.16 ssl-proxy-openssl.c ssl-proxy-opensslc denial of service
6765| [97052] Dovecot up to 2.2.26 auth-policy Unset Crash denial of service
6766| [69835] Dovecot 2.2.0/2.2.1 denial of service
6767| [13348] Dovecot up to 1.2.15/2.1.15 IMAP4/POP3 SSL/TLS Handshake denial of service
6768| [65684] Dovecot up to 2.2.6 unknown vulnerability
6769| [9807] Dovecot up to 1.2.7 on Exim Input Sanitizer privilege escalation
6770| [63692] Dovecot up to 2.0.15 spoofing
6771| [7062] Dovecot 2.1.10 mail-search.c denial of service
6772| [59792] Cyrus IMAPd 2.4.11 weak authentication
6773| [57517] Dovecot up to 2.0.12 Login directory traversal
6774| [57516] Dovecot up to 2.0.12 Access Restriction directory traversal
6775| [57515] Dovecot up to 2.0.12 Crash denial of service
6776| [54944] Dovecot up to 1.2.14 denial of service
6777| [54943] Dovecot up to 1.2.14 Access Restriction Symlink privilege escalation
6778| [54942] Dovecot up to 2.0.4 Access Restriction denial of service
6779| [54941] Dovecot up to 2.0.4 Access Restriction unknown vulnerability
6780| [54840] Dovecot up to 1.2.12 AGate unknown vulnerability
6781| [53277] Dovecot up to 1.2.10 denial of service
6782| [50082] Dovecot up to 1.1.6 Stack-based memory corruption
6783| [45256] Dovecot up to 1.1.5 directory traversal
6784| [44846] Dovecot 1.1.4/1.1.5 IMAP Client Crash denial of service
6785| [44546] Dovecot up to 1.0.x Access Restriction unknown vulnerability
6786| [44545] Dovecot up to 1.0.x Access Restriction unknown vulnerability
6787| [41430] Dovecot 1.0.12/1.1 Locking unknown vulnerability
6788| [40356] Dovecot 1.0.9 Cache unknown vulnerability
6789| [38222] Dovecot 1.0.2 directory traversal
6790| [37927] Ipswitch Ipswitch Collaboration Suite up to 2006.1 IMAP Service imapd32.exe memory corruption
6791| [36376] Dovecot up to 1.0.x directory traversal
6792| [35759] Atrium MERCUR IMAPD IMAP4 mcrimap4.exe memory corruption
6793| [33332] Timo Sirainen Dovecot up to 1.0test53 Off-By-One memory corruption
6794|
6795| MITRE CVE - https://cve.mitre.org:
6796| [CVE-2009-2632] Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
6797| [CVE-2011-4318] Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname.
6798| [CVE-2011-3481] The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
6799| [CVE-2011-3372] imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
6800| [CVE-2011-2167] script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
6801| [CVE-2011-2166] script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
6802| [CVE-2011-1929] lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
6803| [CVE-2010-4011] Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
6804| [CVE-2010-3780] Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
6805| [CVE-2010-3779] Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.
6806| [CVE-2010-3707] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
6807| [CVE-2010-3706] plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.
6808| [CVE-2010-3304] The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
6809| [CVE-2010-0745] Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.
6810| [CVE-2010-0535] Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
6811| [CVE-2010-0433] The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
6812| [CVE-2009-3897] Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.
6813| [CVE-2009-3235] Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.
6814| [CVE-2008-5301] Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
6815| [CVE-2008-4907] The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
6816| [CVE-2008-4870] dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
6817| [CVE-2008-4578] The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
6818| [CVE-2008-4577] The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
6819| [CVE-2008-1218] Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
6820| [CVE-2008-1199] Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
6821| [CVE-2007-6598] Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
6822| [CVE-2007-5794] Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot with the wrong mailboxes being returned, but other applications might also be affected.
6823| [CVE-2007-5740] The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.
6824| [CVE-2007-5018] Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote authenticated users to execute arbitrary code via a long argument in a SEARCH ON command. NOTE: this issue might overlap with CVE-2004-1211.
6825| [CVE-2007-4211] The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
6826| [CVE-2007-3925] Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.
6827| [CVE-2007-2231] Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
6828| [CVE-2007-2173] Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
6829| [CVE-2007-1579] Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
6830| [CVE-2007-1578] Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
6831| [CVE-2007-0618] Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."
6832| [CVE-2006-6762] The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
6833| [CVE-2006-6761] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
6834| [CVE-2006-6425] Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
6835| [CVE-2006-6424] Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow
6836| [CVE-2006-5973] Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
6837| [CVE-2006-2502] Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
6838| [CVE-2006-2414] Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
6839| [CVE-2006-0730] Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
6840| [CVE-2005-2278] Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
6841| [CVE-2005-1256] Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.
6842| [CVE-2005-1249] The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (CPU consumption) via an LSUB command with a large number of null characters, which causes an infinite loop.
6843| [CVE-2005-1015] Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
6844| [CVE-2005-0546] Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
6845| [CVE-2003-1322] Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command.
6846| [CVE-2002-1782] The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.
6847| [CVE-2002-1604] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.
6848| [CVE-2002-0997] Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
6849| [CVE-2002-0379] Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
6850| [CVE-2001-0691] Buffer overflows in Washington University imapd 2000a through 2000c could allow local users without shell access to execute code as themselves in certain configurations.
6851| [CVE-2000-0284] Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
6852| [CVE-1999-1557] Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.
6853| [CVE-1999-1445] Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with shadowing enabled, and possibly other operating systems, allows remote attackers to cause a core dump via a short sequence of USER and PASS commands that do not provide valid usernames or passwords.
6854| [CVE-1999-1224] IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
6855|
6856| SecurityFocus - https://www.securityfocus.com/bid/:
6857| [103201] Dovecot CVE-2017-14461 Out-Of-Bounds Read Information Disclosure Vulnerability
6858| [97536] Dovecot CVE-2017-2669 Denial of Service Vulnerability
6859| [94639] Dovecot Auth Component CVE-2016-8652 Denial of Service Vulnerability
6860| [91175] Dovecot CVE-2016-4982 Local Information Disclosure Vulnerability
6861| [84736] Dovecot CVE-2008-4870 Local Security Vulnerability
6862| [84478] imapd CVE-1999-1224 Denial-Of-Service Vulnerability
6863| [74335] Dovecot 'ssl-proxy-openssl.c' Remote Denial of Service Vulnerability
6864| [67306] Dovecot Denial of Service Vulnerability
6865| [65650] Eudora WorldMail imapd 'UID' Command Buffer Overflow Vulnerability
6866| [63367] Dovecot Checkpassword Authentication Protocol Local Authentication Bypass Vulnerability
6867| [61763] RETIRED: Dovecot 'LIST' Command Denial of Service Vulnerability
6868| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
6869| [60052] Dovecot 'APPEND' Parameter Denial of Service Vulnerability
6870| [56759] RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
6871| [51403] Eudora WorldMail imapd 'LIST' Command Buffer Overflow Vulnerability
6872| [50709] Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
6873| [49949] Cyrus IMAPd NTTP Logic Error Authentication Bypass Vulnerability
6874| [48003] Dovecot 'script-login' Multiple Security Bypass Vulnerabilities
6875| [47930] Dovecot Header Name NULL Character Denial of Service Vulnerability
6876| [44874] Apple Mac OS X Dovecot (CVE-2010-4011) Memory Corruption Vulnerability
6877| [43690] Dovecot Access Control List (ACL) Multiple Remote Vulnerabilities
6878| [41964] Dovecot Access Control List (ACL) Plugin Security Bypass Weakness
6879| [39258] Dovecot Service Control Access List Security Bypass Vulnerability
6880| [37084] Dovecot Insecure 'base_dir' Permissions Local Privilege Escalation Vulnerability
6881| [36377] Dovecot Sieve Plugin Multiple Unspecified Buffer Overflow Vulnerabilities
6882| [32582] Dovecot ManageSieve Service '.sieve' Files Directory Traversal Vulnerability
6883| [31997] Dovecot Invalid Message Address Parsing Denial of Service Vulnerability
6884| [31587] Dovecot ACL Plugin Multiple Security Bypass Vulnerabilities
6885| [28181] Dovecot 'Tab' Character Password Check Security Bypass Vulnerability
6886| [28092] Dovecot 'mail_extra_groups' Insecure Settings Local Unauthorized Access Vulnerability
6887| [27093] Dovecot Authentication Cache Security Bypass Vulnerability
6888| [26270] Perdition IMAPD __STR_VWRITE Remote Format String Vulnerability
6889| [25733] Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
6890| [25182] Dovecot ACL Plugin Security Bypass Vulnerability
6891| [23552] Dovecot Zlib Plugin Remote Information Disclosure Vulnerability
6892| [23058] Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
6893| [22262] IBM AIX Pop3D/Pop3DS/IMapD/IMapDS Authentication Bypass Vulnerability
6894| [21183] Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability
6895| [18056] Cyrus IMAPD POP3D Remote Buffer Overflow Vulnerability
6896| [17961] Dovecot Remote Information Disclosure Vulnerability
6897| [16672] Dovecot Double Free Denial of Service Vulnerability
6898| [15980] Qualcomm WorldMail IMAPD Buffer Overflow Vulnerability
6899| [15753] Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability
6900| [12636] Cyrus IMAPD Multiple Remote Buffer Overflow Vulnerabilities
6901| [11738] Cyrus IMAPD Multiple Remote Unspecified Vulnerabilities
6902| [11729] Cyrus IMAPD Multiple Remote Vulnerabilities
6903| [6298] Cyrus IMAPD Pre-Login Heap Corruption Vulnerability
6904| [4713] Wu-imapd Partial Mailbox Attribute Remote Buffer Overflow Vulnerability
6905| [2856] Imapd 'Local' Buffer Overflow Vulnerabilities
6906| [1110] Univ. Of Washington imapd Buffer Overflow Vulnerabilities
6907| [502] NT IMail Imapd Buffer Overflow DoS Vulnerability
6908| [130] imapd Buffer Overflow Vulnerability
6909|
6910| IBM X-Force - https://exchange.xforce.ibmcloud.com:
6911| [86382] Dovecot POP3 Service denial of service
6912| [84396] Dovecot IMAP APPEND denial of service
6913| [80453] Dovecot mail-search.c denial of service
6914| [71354] Dovecot SSL Common Name (CN) weak security
6915| [70325] Cyrus IMAPd NNTP security bypass
6916| [67675] Dovecot script-login security bypass
6917| [67674] Dovecot script-login directory traversal
6918| [67589] Dovecot header name denial of service
6919| [63267] Apple Mac OS X Dovecot information disclosure
6920| [62340] Dovecot mailbox security bypass
6921| [62339] Dovecot IMAP or POP3 denial of service
6922| [62256] Dovecot mailbox security bypass
6923| [62255] Dovecot ACL entry security bypass
6924| [60639] Dovecot ACL plugin weak security
6925| [57267] Apple Mac OS X Dovecot Kerberos security bypass
6926| [56763] Dovecot header denial of service
6927| [54363] Dovecot base_dir privilege escalation
6928| [53248] CMU Sieve plugin for Dovecot unspecified buffer overflow
6929| [47526] UW-imapd rfc822_output_char() denial of service
6930| [46323] Dovecot dovecot.conf information disclosure
6931| [46227] Dovecot message parsing denial of service
6932| [45669] Dovecot ACL mailbox security bypass
6933| [45667] Dovecot ACL plugin rights security bypass
6934| [41085] Dovecot TAB characters authentication bypass
6935| [41009] Dovecot mail_extra_groups option unauthorized access
6936| [39342] Dovecot LDAP auth cache configuration security bypass
6937| [35767] Dovecot ACL plugin security bypass
6938| [34082] Dovecot mbox-storage.c directory traversal
6939| [30433] Dovecot IMAP/POP3 server dovecot.index.cache buffer overflow
6940| [26536] Dovecot IMAP LIST information disclosure
6941| [24710] Dovecot dovecot-auth and imap/pop3-login denial of service
6942| [24709] Dovecot APPEND command denial of service
6943| [22629] RHSA-2005:408 updates for cyrus-imapd not installed
6944| [19460] Cyrus IMAP imapd buffer overflow
6945| [19455] Cyrus IMAP imapd extension off-by-one buffer overflow
6946| [18492] Novell NetMail IMAPD 101_mEna buffer overflow
6947| [10803] UW IMAP (wu-imapd) authenticated user buffer overflow
6948| [9238] UW IMAP (wu-imapd) could allow a remote attacker to access arbitrary files
6949| [9055] UW IMAP (wu-imapd) partial mailbox attributes to request buffer overflow
6950| [7345] Slackware Linux imapd and ipop3d core dump
6951| [573] Imapd denial of service
6952|
6953| Exploit-DB - https://www.exploit-db.com:
6954| [30724] Perdition 1.17 IMAPD __STR_VWRITE Remote Format String Vulnerability
6955| [25297] Dovecot with Exim sender_address Parameter - Remote Command Execution
6956| [22061] Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 Pre-Login Heap Corruption Vulnerability
6957| [21443] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (2)
6958| [21442] Wu-imapd 2000/2001 Partial Mailbox Attribute Remote Buffer Overflow Vulnerability (1)
6959| [19849] UoW imapd 10.234/12.264 COPY Buffer Overflow (meta)
6960| [19848] UoW imapd 10.234/12.264 LSUB Buffer Overflow (meta)
6961| [19847] UoW imapd 10.234/12.264 Buffer Overflow Vulnerabilities
6962| [19377] Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability
6963| [19107] Netscape Messaging Server 3.55,University of Washington imapd 10.234 Buffer Overflow Vulnerability
6964| [18354] WorldMail imapd 3.0 SEH overflow (egg hunter)
6965| [16836] Cyrus IMAPD pop3d popsubfolders USER Buffer Overflow
6966| [16485] MailEnable IMAPD 1.54 - STATUS Request Buffer Overflow
6967| [16482] MDaemon 9.6.4 IMAPD FETCH Buffer Overflow
6968| [16480] MailEnable IMAPD W3C Logging Buffer Overflow
6969| [16477] Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
6970| [16475] MailEnable IMAPD (2.35) Login Request Buffer Overflow
6971| [16474] Qualcomm WorldMail 3.0 IMAPD LIST Buffer Overflow
6972| [5257] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit
6973| [4429] Mercury/32 4.52 IMAPD SEARCH command Post-Auth Overflow Exploit
6974| [3627] IPSwitch IMail Server <= 8.20 IMAPD Remote Buffer Overflow Exploit
6975| [3527] Mercur IMAPD 5.00.14 Remote Denial of Service Exploit (win32)
6976| [2185] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (3)
6977| [2053] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)
6978| [1813] Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit
6979| [1380] Eudora Qualcomm WorldMail 3.0 (IMAPd) Remote Overflow Exploit
6980| [1332] MailEnable 1.54 Pro Universal IMAPD W3C Logging BoF Exploit
6981| [1327] FTGate4 Groupware Mail Server 4.1 (imapd) Remote Buffer Overflow PoC
6982| [1151] MDaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow Exploit
6983| [1124] IPSwitch IMail Server <= 8.15 IMAPD Remote Root Exploit
6984| [915] MailEnable Enterprise 1.x Imapd Remote Exploit
6985| [903] Cyrus imapd 2.2.4 - 2.2.8 (imapmagicplus) Remote Exploit
6986| [340] Linux imapd Remote Overflow File Retrieve Exploit
6987|
6988| OpenVAS (Nessus) - http://www.openvas.org:
6989| [901026] Dovecot Sieve Plugin Multiple Buffer Overflow Vulnerabilities
6990| [901025] Dovecot Version Detection
6991| [881425] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 x86_64
6992| [881403] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 x86_64
6993| [881402] CentOS Update for dovecot CESA-2011:1187 centos5 x86_64
6994| [881397] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 x86_64
6995| [881370] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 x86_64
6996| [881358] CentOS Update for dovecot CESA-2011:1187 centos4 x86_64
6997| [881318] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 x86_64
6998| [881255] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 x86_64
6999| [881050] CentOS Update for cyrus-imapd CESA-2011:1508 centos5 i386
7000| [881049] CentOS Update for cyrus-imapd CESA-2011:1508 centos4 i386
7001| [881007] CentOS Update for cyrus-imapd CESA-2011:1317 centos5 i386
7002| [880980] CentOS Update for dovecot CESA-2011:1187 centos5 i386
7003| [880978] CentOS Update for cyrus-imapd CESA-2011:1317 centos4 i386
7004| [880967] CentOS Update for dovecot CESA-2011:1187 centos4 i386
7005| [880958] CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386
7006| [880905] CentOS Update for cyrus-imapd CESA-2009:1459 centos4 i386
7007| [880864] CentOS Update for cyrus-imapd CESA-2009:1459 centos5 i386
7008| [880826] CentOS Update for cyrus-imapd CESA-2009:1116 centos5 i386
7009| [880536] CentOS Update for cyrus-imapd CESA-2011:0859 centos5 i386
7010| [870607] RedHat Update for dovecot RHSA-2011:0600-01
7011| [870520] RedHat Update for cyrus-imapd RHSA-2011:1508-01
7012| [870489] RedHat Update for cyrus-imapd RHSA-2011:1317-01
7013| [870471] RedHat Update for dovecot RHSA-2011:1187-01
7014| [870443] RedHat Update for cyrus-imapd RHSA-2011:0859-01
7015| [870153] RedHat Update for dovecot RHSA-2008:0297-02
7016| [864075] Fedora Update for cyrus-imapd FEDORA-2011-13832
7017| [863585] Fedora Update for cyrus-imapd FEDORA-2011-13869
7018| [863579] Fedora Update for cyrus-imapd FEDORA-2011-13860
7019| [863281] Fedora Update for cyrus-imapd FEDORA-2011-7193
7020| [863273] Fedora Update for cyrus-imapd FEDORA-2011-7217
7021| [863272] Fedora Update for dovecot FEDORA-2011-7612
7022| [863115] Fedora Update for dovecot FEDORA-2011-7258
7023| [861525] Fedora Update for dovecot FEDORA-2007-664
7024| [861394] Fedora Update for dovecot FEDORA-2007-493
7025| [861333] Fedora Update for dovecot FEDORA-2007-1485
7026| [860845] Fedora Update for dovecot FEDORA-2008-9202
7027| [860663] Fedora Update for dovecot FEDORA-2008-2475
7028| [860169] Fedora Update for dovecot FEDORA-2008-2464
7029| [860089] Fedora Update for dovecot FEDORA-2008-9232
7030| [840950] Ubuntu Update for dovecot USN-1295-1
7031| [840668] Ubuntu Update for dovecot USN-1143-1
7032| [840583] Ubuntu Update for dovecot vulnerabilities USN-1059-1
7033| [840335] Ubuntu Update for dovecot vulnerabilities USN-593-1
7034| [840290] Ubuntu Update for dovecot vulnerability USN-567-1
7035| [840234] Ubuntu Update for dovecot vulnerability USN-666-1
7036| [840072] Ubuntu Update for dovecot vulnerability USN-487-1
7037| [831590] Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
7038| [831468] Mandriva Update for cyrus-imapd MDVSA-2011:149 (cyrus-imapd)
7039| [831410] Mandriva Update for cyrus-imapd MDVSA-2011:100 (cyrus-imapd)
7040| [831405] Mandriva Update for dovecot MDVSA-2011:101 (dovecot)
7041| [831230] Mandriva Update for dovecot MDVSA-2010:217 (dovecot)
7042| [831207] Mandriva Update for cyrus-imapd MDVA-2010:208 (cyrus-imapd)
7043| [831197] Mandriva Update for dovecot MDVSA-2010:196 (dovecot)
7044| [831054] Mandriva Update for dovecot MDVSA-2010:104 (dovecot)
7045| [830496] Mandriva Update for dovecot MDVSA-2008:232 (dovecot)
7046| [801055] Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability
7047| [800149] UW-imapd tmail and dmail BOF Vulnerabilities (Linux)
7048| [800030] Dovecot ACL Plugin Security Bypass Vulnerabilities
7049| [70767] Gentoo Security Advisory GLSA 201110-04 (Dovecot)
7050| [70696] Debian Security Advisory DSA 2377-1 (cyrus-imapd-2.2)
7051| [70407] Debian Security Advisory DSA 2318-1 (cyrus-imapd-2.2)
7052| [70259] FreeBSD Ports: dovecot
7053| [69965] Debian Security Advisory DSA 2258-1 (kolab-cyrus-imapd)
7054| [69959] Debian Security Advisory DSA 2252-1 (dovecot)
7055| [69740] Debian Security Advisory DSA 2242-1 (cyrus-imapd-2.2)
7056| [66522] FreeBSD Ports: dovecot
7057| [66416] Mandriva Security Advisory MDVSA-2009:229-1 (cyrus-imapd)
7058| [66233] SLES10: Security update for Cyrus IMAPD
7059| [66226] SLES11: Security update for Cyrus IMAPD
7060| [66222] SLES9: Security update for Cyrus IMAPD
7061| [65938] SLES10: Security update for Cyrus IMAPD
7062| [65723] SLES11: Security update for Cyrus IMAPD
7063| [65523] SLES9: Security update for Cyrus IMAPD
7064| [65479] SLES9: Security update for cyrus-imapd
7065| [65094] SLES9: Security update for cyrus-imapd
7066| [65010] Ubuntu USN-838-1 (dovecot)
7067| [64989] CentOS Security Advisory CESA-2009:1459 (cyrus-imapd)
7068| [64978] Debian Security Advisory DSA 1892-1 (dovecot)
7069| [64977] Debian Security Advisory DSA 1893-1 (cyrus-imapd-2.2 kolab-cyrus-imapd)
7070| [64965] Fedora Core 11 FEDORA-2009-9901 (cyrus-imapd)
7071| [64963] Fedora Core 10 FEDORA-2009-9869 (cyrus-imapd)
7072| [64953] Mandrake Security Advisory MDVSA-2009:242-1 (dovecot)
7073| [64952] Mandrake Security Advisory MDVSA-2009:242 (dovecot)
7074| [64898] FreeBSD Ports: cyrus-imapd
7075| [64864] Debian Security Advisory DSA 1881-1 (cyrus-imapd-2.2)
7076| [64861] Fedora Core 10 FEDORA-2009-9559 (dovecot)
7077| [64847] Fedora Core 10 FEDORA-2009-9428 (cyrus-imapd)
7078| [64846] Fedora Core 11 FEDORA-2009-9417 (cyrus-imapd)
7079| [64838] Mandrake Security Advisory MDVSA-2009:229 (cyrus-imapd)
7080| [64271] CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
7081| [62965] Gentoo Security Advisory GLSA 200812-16 (dovecot)
7082| [62854] FreeBSD Ports: dovecot-managesieve
7083| [61916] FreeBSD Ports: dovecot
7084| [60588] Gentoo Security Advisory GLSA 200803-25 (dovecot)
7085| [60568] Debian Security Advisory DSA 1516-1 (dovecot)
7086| [60528] FreeBSD Ports: dovecot
7087| [60134] Debian Security Advisory DSA 1457-1 (dovecot)
7088| [60089] FreeBSD Ports: dovecot
7089| [58578] Debian Security Advisory DSA 1359-1 (dovecot)
7090| [56834] Debian Security Advisory DSA 1080-1 (dovecot)
7091| [55807] Slackware Advisory SSA:2005-310-06 imapd
7092| [54861] Gentoo Security Advisory GLSA 200502-29 (cyrus-imapd)
7093| [54755] Gentoo Security Advisory GLSA 200411-34 (cyrus-imapd)
7094| [53739] Debian Security Advisory DSA 215-1 (cyrus-imapd)
7095| [53288] Debian Security Advisory DSA 597-1 (cyrus-imapd)
7096| [52297] FreeBSD Ports: cyrus-imapd
7097| [52296] FreeBSD Ports: cyrus-imapd
7098| [52295] FreeBSD Ports: cyrus-imapd
7099| [52294] FreeBSD Ports: cyrus-imapd
7100| [52172] FreeBSD Ports: cyrus-imapd
7101|
7102| SecurityTracker - https://www.securitytracker.com:
7103| [1028585] Dovecot APPEND Parameter Processing Flaw Lets Remote Authenticated Users Deny Service
7104| [1024740] Mac OS X Server Dovecot Memory Aliasing Bug May Cause Mail to Be Delivered to the Wrong User
7105| [1017288] Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code
7106| [1013278] Cyrus IMAPd Buffer Overflows in Annotate Extension, Cached Header, and Fetchnews May Let Remote Users Execute Arbitrary Code
7107|
7108| OSVDB - http://www.osvdb.org:
7109| [96172] Dovecot POP3 Service Terminated LIST Command Remote DoS
7110| [93525] Dovecot IMAP APPEND Command Malformed Parameter Parsing Remote DoS
7111| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
7112| [88058] Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
7113| [78304] Eudora WorldMail imapd SEH LIST Command Parsing Remote Overflow
7114| [77185] Dovecot SSL Certificate Common Name Field MitM Spoofing Weakness
7115| [75445] Cyrus IMAP Server imapd index.c index_get_ids Function References Header NULL Dereference Remote DoS
7116| [74515] Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access
7117| [74514] Dovecot script-login User / Group Configuration Settings Remote Access Restriction Bypass
7118| [72495] Dovecot lib-mail/message-header-parser.c Mail Header Name NULL Character Handling Remote DoS
7119| [69260] Apple Mac OS X Server Dovecot Memory Aliasing Mail Delivery Issue
7120| [68516] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition User Private Namespace Mailbox Access Restriction Remote Bypass
7121| [68515] Dovecot plugins/acl/acl-backend-vfile.c ACL Permission Addition Specific Entry Order Mailbox Access Restriction Remote Bypass
7122| [68513] Dovecot Non-public Namespace Mailbox ACL Manipulation Access Restriction Remote Bypass
7123| [68512] Dovecot IMAP / POP3 Session Disconnect Master Process Outage Remote DoS
7124| [66625] Dovecot ACL Plugin INBOX ACL Copying Weakness Restriction Bypass
7125| [66113] Dovecot Mail Root Directory Creation Permission Weakness
7126| [66112] Dovecot Installation base_dir Parent Directory Permission Weakness
7127| [66111] Dovecot SEARCH Functionality str_find_init() Function Overflow
7128| [66110] Dovecot Multiple Unspecified Buffer Overflows
7129| [66108] Dovecot Malformed Message Body Processing Unspecified Functions Remote DoS
7130| [64783] Dovecot E-mail Message Header Unspecified DoS
7131| [63372] Apple Mac OS X Dovecot Kerberos Authentication SACL Restriction Bypass
7132| [62796] Dovecot mbox Format Email Header Handling DoS
7133| [60316] Dovecot base_dir Directory Permission Weakness Local Privilege Escalation
7134| [58103] Dovecot CMU Sieve Plugin Script Handling Multiple Overflows
7135| [57843] Cyrus IMAP Server (cyrus-imapd) SIEVE Script Component (sieve/script.c) Crafted Script Handling Overflow
7136| [57681] UoW imap Server (uw-imapd) Arbitrary Remote File Access
7137| [52906] UW-imapd c-client Initial Request Remote Format String
7138| [52905] UW-imapd c-client Library RFC822BUFFER Routines rfc822_output_char Function Off-by-one
7139| [52456] UW-imapd on Debian Linux LOGIN Command Remote DoS
7140| [50253] Dovecot dovecot.conf Permission Weakness Local ssl_key_password Parameter Disclosure
7141| [49918] Dovecot ManageSieve Script Name Handling Traversal Arbitrary File Manipulation
7142| [49485] UW-imapd dmail Utility Mailbox Name Handling Overflow
7143| [49484] UW-imapd tmail Utility Mailbox Name Handling Overflow
7144| [49429] Dovecot Message Parsing Feature Crafted Email Header Handling Remote DoS
7145| [49099] Dovecot ACL Plugin k Right Mailbox Creation Restriction Bypass
7146| [49098] Dovecot ACL Plugin Negative Access Rights Bypass
7147| [43137] Dovecot mail_extra_groups Symlink File Manipulation
7148| [42979] Dovecot passdbs Argument Injection Authentication Bypass
7149| [42004] Perdition Mail Retrieval Proxy IMAPD IMAP Tag Remote Format String Arbitrary Code Execution
7150| [39876] Dovecot LDAP Auth Cache Security Bypass
7151| [39670] Mercury Mail Transport System IMAPD SEARCH Command Remote Overflow
7152| [39386] Dovecot ACL Plugin Insert Right APPEND / COPY Command Unauthorized Flag Manipulation
7153| [35489] Dovecot index/mbox/mbox-storage.c Traversal Arbitrary Gzip File Access
7154| [31362] Novell NetMail IMAP Daemon (IMAPD) APPEND Command Remote Overflow
7155| [31361] Novell NetMail IMAP Daemon (IMAPD) APPEND Command DoS
7156| [31360] Novell NetMail IMAP Daemon (IMAPD) SUBSCRIBE Command Remote Overflow
7157| [30524] Dovecot IMAP/POP3 Server dovecot.index.cache Handling Overflow
7158| [25853] Cyrus IMAPD pop3d USER Command Remote Overflow
7159| [25727] Dovecot Multiple Command Traversal Arbitrary Directory Listing
7160| [23281] Dovecot imap/pop3-login dovecot-auth DoS
7161| [23280] Dovecot Malformed APPEND Command DoS
7162| [18179] HP Tru64 UNIX imapd NLSPATH Environment Variable Local Overflow
7163| [13242] UW-imapd CRAM-MD5 Authentication Bypass
7164| [12385] Novell NetMail IMAPD 101_mEna Script Remote Overflow
7165| [12042] UoW imapd Multiple Unspecified Overflows
7166| [12037] UoW imapd (UW-IMAP) Multiple Command Remote Overflows
7167| [12033] Slackware Linux imapd/ipop3d Malformed USER/PASS Sequence DoS
7168| [911] UoW imapd AUTHENTICATE Command Remote Overflow
7169| [790] UoW imap Server (uw-imapd) BODY Request Remote Overflow
7170| [519] UoW imapd SIGABRT Signal Forced Crash Information Disclosure
7171|_
7172 443/tcp open ssl/http Apache httpd
7173| vulscan: VulDB - https://vuldb.com:
7174| [141649] Apache OFBiz up to 16.11.05 Form Widget Freemarker Markup Code Execution
7175| [141648] Apache OFBiz up to 16.11.05 Application Stored cross site scripting
7176| [140386] Apache Commons Beanutils 1.9.2 BeanIntrospector unknown vulnerability
7177| [139708] Apache Ranger up to 1.2.0 Policy Import cross site scripting
7178| [139540] cPanel up to 60.0.24 Apache HTTP Server Key information disclosure
7179| [139386] Apache Tike up to 1.21 RecursiveParserWrapper Stack-based memory corruption
7180| [139385] Apache Tika 1.19/1.20/1.21 SAXParsers Hang denial of service
7181| [139384] Apache Tika up to 1.21 RecursiveParserWrapper ZIP File denial of service
7182| [139261] Apache Solr 8.2.0 DataImportHandler Parameter unknown vulnerability
7183| [139259] cPanel up to 68.0.26 WHM Apache Includes Editor information disclosure
7184| [139256] cPanel up to 68.0.26 WHM Apache Configuration Include Editor cross site scripting
7185| [139239] cPanel up to 70.0.22 Apache HTTP Server Log information disclosure
7186| [139141] Apache ActiveMQ Client up to 5.15.4 ActiveMQConnection.java ActiveMQConnection denial of service
7187| [139130] cPanel up to 73.x Apache HTTP Server Injection privilege escalation
7188| [138914] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 VM sql injection
7189| [138913] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Block Argument privilege escalation
7190| [138912] Venustech Apache VCL 2.1/2.2/2.3/2.4/2.5 Cookie sql injection
7191| [138816] Apache Storm up to 1.2.2 Logviewer Daemon Log information disclosure
7192| [138815] Apache Storm up to 1.2.2 UI Daemon Deserialization privilege escalation
7193| [138164] Oracle 2.7.0.1 Apache Log4j unknown vulnerability
7194| [138155] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Tomcat unknown vulnerability
7195| [138151] Oracle Transportation Management 6.3.7 Apache Tomcat unknown vulnerability
7196| [138149] Oracle Agile Engineering Data Management 6.2.0/6.2.1 Apache Commons FileUpload unknown vulnerability
7197| [138131] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Tomcat unknown vulnerability
7198| [138129] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
7199| [138123] Oracle Retail Order Management System 5.0 Apache Struts 1 unknown vulnerability
7200| [138122] Oracle Retail Order Broker 5.2/15.0 Apache Tomcat unknown vulnerability
7201| [138121] Oracle Retail Order Broker 5.2/15.0 Apache CXF unknown vulnerability
7202| [138112] Oracle Retail Integration Bus 15.0/16.0 Apache Commons FileUpload unknown vulnerability
7203| [138111] Oracle MICROS Retail XBRi Loss Prevention 10.8.0/10.8.1/10.8.2/10.8.3 Apache Commons FileUpload unknown vulnerability
7204| [138103] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56/8.57 Apache WSS4J information disclosure
7205| [138053] Oracle JD Edwards EnterpriseOne Tools 9.2 Apache Log4j unknown vulnerability
7206| [138036] Oracle Insurance Rules Palette 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
7207| [138035] Oracle Insurance Policy Administration J2EE 10.0/10.1/10.2/11.0 Apache Commons FileUpload unknown vulnerability
7208| [138034] Oracle Insurance Calculation Engine 9.7/10.0/10.1/10.2 Apache Commons FileUpload unknown vulnerability
7209| [138028] Oracle Identity Manager 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7210| [138020] Oracle BI Publisher 11.1.1.9.0 Apache Tomcat unknown vulnerability
7211| [138019] Oracle BI Publisher (formerly XML Publisher) 11.1.1.9.0 Apache Tomcat unknown vulnerability
7212| [138017] Oracle Outside In Technology 8.5.4 Apache Commons FileUpload unknown vulnerability
7213| [138013] Oracle Outside In Technology 8.5.4 Apache Tomcat unknown vulnerability
7214| [138012] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
7215| [138009] Oracle Outside In Technology 8.5.4 Apache HTTP Server unknown vulnerability
7216| [138008] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Struts 1 denial of service
7217| [138007] Oracle WebCenter Sites 12.2.1.3.0 Apache Tomcat denial of service
7218| [138006] Oracle Enterprise Repository 12.1.3.0.0 Apache CXF denial of service
7219| [138000] Oracle WebCenter Sites 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7220| [137999] Oracle WebLogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7221| [137995] Oracle Hospitality Simphony 18.2.1 Apache WSS4J information disclosure
7222| [137987] Oracle FLEXCUBE Universal Banking up to 12.0.3/12.4.0/14.2.0 Apache Log4j unknown vulnerability
7223| [137981] Oracle Insurance IFRS 17 Analyzer 8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
7224| [137980] Oracle Insurance Data Foundation 8.0.4/8.0.5/8.0.6/8.0.7 Apache Commons FileUpload unknown vulnerability
7225| [137979] Oracle 8.0.8 Apache Commons FileUpload unknown vulnerability
7226| [137973] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Batik unknown vulnerability
7227| [137970] Oracle Financial Services Profitability Management 8.0.4/8.0.5/8.0.6/8.0.7 Apache ActiveMQ unknown vulnerability
7228| [137967] Oracle up to 8.0.7 Apache httpd unknown vulnerability
7229| [137966] Oracle 8.0.7/8.0.8 Apache Groovy unknown vulnerability
7230| [137965] Oracle Financial Services Liquidity Risk Management 8.0.1/8.0.2/8.0.4/8.0.5/8.0.6 Apache Commons FileUpload unknown vulnerability
7231| [137964] Oracle 8.0.4/8.0.5/8.0.6/8.0.7 Apache Log4j unknown vulnerability
7232| [137933] Oracle Banking Platform up to 2.7.1 Apache Tika unknown vulnerability
7233| [137926] Oracle Enterprise Manager for Fusion Middleware 13.2/13.3 Apache Commons FileUpload information disclosure
7234| [137924] Oracle Enterprise Manager Base Platform 12.1.0.5.0/13.2.0.0.0/13.3.0.0.0 Apache Commons FileUpload unknown vulnerability
7235| [137914] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
7236| [137913] Oracle E-Business Suite up to 12.2.8 Apache ActiveMQ unknown vulnerability
7237| [137911] Oracle E-Business Suite up to 12.2.8 Apache HTTP Server unknown vulnerability
7238| [137910] Oracle E-Business Suite up to 12.2.8 Apache CXF information disclosure
7239| [137909] Oracle E-Business Suite up to 12.2.8 Apache Commons FileUpload unknown vulnerability
7240| [137905] Oracle Primavera Gateway 15.2/16.2/17.12/18.8 Apache Tika denial of service
7241| [137901] Oracle Primavera Unifier up to 18.8 Apache HTTP Server unknown vulnerability
7242| [137895] Oracle Instant Messaging Server 10.0.1.2.0 Apache Tika information disclosure
7243| [137894] Oracle EAGLE (Software) 46.5/46.6/46.7 Apache Tomcat information disclosure
7244| [137892] Oracle Online Mediation Controller 6.1 Apache Batik denial of service
7245| [137891] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Tomcat unknown vulnerability
7246| [137885] Oracle Diameter Signaling Router (DSR) 8.0/8.1/8.2 Apache cxf unknown vulnerability
7247| [137882] Oracle Unified 8.0.0.2.0 Apache Commons FileUpload unknown vulnerability
7248| [137881] Oracle Online Mediation Controller 6.1 Apache Commons FileUpload unknown vulnerability
7249| [137880] Oracle Interactive Session Recorder 6.0/6.1/6.2 Apache Log4j unknown vulnerability
7250| [137879] Oracle Convergence 3.0.2 Apache Commons FileUpload unknown vulnerability
7251| [137876] Oracle Application Session Controller 3.7.1/3.8.0 Apache Commons FileUpload unknown vulnerability
7252| [137829] Apache Roller 5.2.3 Math Comment Authenticator Reflected cross site scripting
7253| [137736] Apache Kafka 0.11.0.0/2.1.0 ACL Validation Request privilege escalation
7254| [136858] MakerBot Replicator 5G Printer Apache HTTP Server information disclosure
7255| [136849] Analogic Poste.io 2.1.6 on Apache RoundCube logs/ information disclosure
7256| [136822] Apache Tomcat up to 8.5.40/9.0.19 Incomplete Fix CVE-2019-0199 Resource Exhaustion denial of service
7257| [136808] Apache Geode up to 1.8.0 Secure Mode privilege escalation
7258| [136646] Apache Allura up to 1.10.x Dropdown Selector Stored cross site scripting
7259| [136374] Apache HTTP Server up to 2.4.38 Slash Regular Expression unknown vulnerability
7260| [136373] Apache HTTP Server 2.4.34/2.4.35/2.4.36/2.4.37/2.4.38 HTTP2 Request Crash denial of service
7261| [136372] Apache HTTP Server up to 2.4.38 HTTP2 Request unknown vulnerability
7262| [136370] Apache Fineract up to 1.2.x sql injection
7263| [136369] Apache Fineract up to 1.2.x sql injection
7264| [135731] Apache Hadoop up to 2.8.4/2.9.1/3.1.0 yarn privilege escalation
7265| [135664] Apache Tomcat up to 7.0.93/8.5.39/9.0.0.17 SSI printenv Command cross site scripting
7266| [135663] Apache Camel up to 2.23.x JSON-lib Library XML Data XML External Entity
7267| [135661] Apache Roller up to 5.2.1/5.2.0 XML-RPC Interface XML File Server-Side Request Forgery
7268| [135402] Apache Zookeeper up to 3.4.13/3.5.0-alpha to 3.5.4-beta getACL() information disclosure
7269| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
7270| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
7271| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
7272| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
7273| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7274| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7275| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7276| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7277| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7278| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7279| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
7280| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
7281| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
7282| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
7283| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
7284| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
7285| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
7286| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
7287| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
7288| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
7289| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
7290| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
7291| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
7292| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
7293| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
7294| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
7295| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
7296| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
7297| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
7298| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
7299| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
7300| [131859] Apache Hadoop up to 2.9.1 privilege escalation
7301| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
7302| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
7303| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
7304| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
7305| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
7306| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
7307| [130629] Apache Guacamole Cookie Flag weak encryption
7308| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
7309| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
7310| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
7311| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
7312| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
7313| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
7314| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
7315| [130123] Apache Airflow up to 1.8.2 information disclosure
7316| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
7317| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
7318| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache Storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache Storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7725| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7726| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7727| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7728| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7729| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7730| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7731| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7732| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7733| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7734| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7735| [103352] Apache Solr Node weak authentication
7736| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7737| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7738| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7739| [102697] Apache HTTP Server 2.2.24/2.2.32 HTTP Strict Parsing ap_find_token Request Header memory corruption
7740| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7741| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7742| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7743| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7744| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7745| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7746| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7747| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7748| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7749| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7750| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7751| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7752| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7753| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7754| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7755| [101513] Apache jUDDI 3.1./3.1.2/3.1.3/3.1.4 Logout Open Redirect
7756| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7757| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7758| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7759| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7760| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7761| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7762| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7763| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7764| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7765| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7766| [99937] Apache Batik up to 1.8 privilege escalation
7767| [99936] Apache FOP up to 2.1 privilege escalation
7768| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7769| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7770| [99930] Apache Traffic Server up to 6.2.0 denial of service
7771| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7772| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7773| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7774| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7775| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7776| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7777| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7778| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
7779| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
7780| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
7781| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
7782| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
7783| [99014] Apache Camel Jackson/JacksonXML privilege escalation
7784| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7785| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
7786| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7787| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
7788| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
7789| [98605] Apple macOS up to 10.12.3 Apache denial of service
7790| [98604] Apple macOS up to 10.12.3 Apache denial of service
7791| [98603] Apple macOS up to 10.12.3 Apache denial of service
7792| [98602] Apple macOS up to 10.12.3 Apache denial of service
7793| [98601] Apple macOS up to 10.12.3 Apache denial of service
7794| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
7795| [98405] Apache Hadoop up to 0.23.10 privilege escalation
7796| [98199] Apache Camel Validation XML External Entity
7797| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
7798| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
7799| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
7800| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
7801| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
7802| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
7803| [97081] Apache Tomcat HTTPS Request denial of service
7804| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
7805| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
7806| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
7807| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
7808| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
7809| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
7810| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
7811| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
7812| [95311] Apache Storm UI Daemon privilege escalation
7813| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
7814| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
7815| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
7816| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
7817| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
7818| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
7819| [94540] Apache Tika 1.9 tika-server File information disclosure
7820| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
7821| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
7822| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
7823| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
7824| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
7825| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
7826| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7827| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7828| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
7829| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
7830| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
7831| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
7832| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
7833| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
7834| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7835| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7836| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
7837| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
7838| [93532] Apache Commons Collections Library Java privilege escalation
7839| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
7840| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
7841| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
7842| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
7843| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
7844| [93098] Apache Commons FileUpload privilege escalation
7845| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
7846| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
7847| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
7848| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
7849| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
7850| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
7851| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
7852| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
7853| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
7854| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
7855| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
7856| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
7857| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
7858| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
7859| [92549] Apache Tomcat on Red Hat privilege escalation
7860| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
7861| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
7862| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
7863| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
7864| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
7865| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
7866| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
7867| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
7868| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
7869| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
7870| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
7871| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
7872| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
7873| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
7874| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
7875| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
7876| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
7877| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
7878| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
7879| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
7880| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
7881| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
7882| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
7883| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
7884| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
7885| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
7886| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
7887| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
7888| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
7889| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
7890| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
7891| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
7892| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
7893| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
7894| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
7895| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
7896| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
7897| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
7898| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
7899| [90263] Apache Archiva Header denial of service
7900| [90262] Apache Archiva Deserialize privilege escalation
7901| [90261] Apache Archiva XML DTD Connection privilege escalation
7902| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
7903| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
7904| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
7905| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
7906| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
7907| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
7908| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
7909| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
7910| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
7911| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
7912| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
7913| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
7914| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
7915| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
7916| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
7917| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
7918| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
7919| [87765] Apache James Server 2.3.2 Command privilege escalation
7920| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
7921| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
7922| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
7923| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
7924| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
7925| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
7926| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
7927| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
7928| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
7929| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7930| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7931| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
7932| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
7933| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
7934| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7935| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
7936| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
7937| [87172] Adobe ColdFusion 11 Update 7/2016/up to 10 Update 18 Apache Commons Collections Library privilege escalation
7938| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
7939| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
7940| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
7941| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
7942| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
7943| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
7944| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
7945| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
7946| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
7947| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
7948| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
7949| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
7950| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
7951| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
7952| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
7953| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
7954| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
7955| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
7956| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
7957| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
7958| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
7959| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
7960| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
7961| [82076] Apache Ranger up to 0.5.1 privilege escalation
7962| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
7963| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
7964| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
7965| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
7966| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
7967| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
7968| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
7969| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
7970| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
7971| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
7972| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
7973| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
7974| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
7975| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
7976| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
7977| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
7978| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
7979| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
7980| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
7981| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
7982| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
7983| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
7984| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
7985| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
7986| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
7987| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
7988| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
7989| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
7990| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
7991| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
7992| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
7993| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
7994| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
7995| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
7996| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
7997| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
7998| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
7999| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
8000| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
8001| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
8002| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
8003| [79791] Cisco Products Apache Commons Collections Library privilege escalation
8004| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8005| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8006| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
8007| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
8008| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
8009| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
8010| [78989] Apache Ambari up to 2.1.1 Open Redirect
8011| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
8012| [78987] Apache Ambari up to 2.0.x cross site scripting
8013| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
8014| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8015| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8016| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8017| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8018| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8019| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8020| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8021| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
8022| [77406] Apache Flex BlazeDS AMF Message XML External Entity
8023| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
8024| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
8025| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
8026| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
8027| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
8028| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
8029| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
8030| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
8031| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
8032| [76567] Apache Struts 2.3.20 unknown vulnerability
8033| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
8034| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
8035| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
8036| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
8037| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
8038| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
8039| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
8040| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
8041| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
8042| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
8043| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
8044| [74793] Apache Tomcat File Upload denial of service
8045| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
8046| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
8047| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
8048| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
8049| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
8050| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 7.0.0/7.0.50/8.0.0-RC1/8.0.1 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
| [63090] Apache Tomcat up to 4.1.24 denial of service
| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
| [62833] Apache CXF -/2.6.0 spoofing
| [62832] Apache Axis2 up to 1.6.2 spoofing
| [62831] Apache Axis up to 1.4 Java Message Service spoofing
| [62830] Apache Commons-httpclient 3.0 Payments spoofing
| [62826] Apache Libcloud up to 0.11.0 spoofing
| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
| [62661] Apache Axis2 unknown vulnerability
| [62658] Apache Axis2 unknown vulnerability
| [62467] Apache Qpid up to 0.17 denial of service
| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
| [6301] Apache HTTP Server mod_pagespeed cross site scripting
| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
| [62035] Apache Struts up to 2.3.4 denial of service
| [61916] Apache QPID 0.5/0.6/0.14/0.16 unknown vulnerability
| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
| [61229] Apache Sling up to 2.1.1 denial of service
| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
| [61094] Apache Roller up to 5.0 cross site scripting
| [61093] Apache Roller up to 5.0 cross site request forgery
| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow File memory corruption
| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
| [60708] Apache Qpid 0.12 unknown vulnerability
| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
| [4882] Apache Wicket up to 1.5.4 directory traversal
| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor privilege escalation
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale denial of service
| [4284] Apache Tomcat 5.x HTML Manager Infinite Loop cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor unknown vulnerability
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored privilege escalation
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8501| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8502| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8503| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8504| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8505| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8506| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8507| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8508| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8509| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8510| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8511| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8512| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8513| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8514| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8515| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8516| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8517| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8518| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8519| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8520| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8521| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8522| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8523| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8524| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8525| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8526| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8527| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8528| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8529| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8530| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8531| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8532| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8533| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8534| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8535| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8536| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8537| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8538| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8539| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8540| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8541| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8542| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8543| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8544| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8545| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8546| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8547| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8548| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8549| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8550| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8551| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8552| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8553| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8554| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8555| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8556| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8557| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8558| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8559| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8560| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8561| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8562| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8563| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8564| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8565| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8566| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8567| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8568| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8569| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8570| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8571| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8572| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8573| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8574| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8575| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8576| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8577| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8578| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8579| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8580| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8581| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8582| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8583| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8584| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8585| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8586| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8587| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
8588| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
8589| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
8590| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
8591| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
8592| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
8593| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
8594| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
8595| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
8596| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
8597| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
8598| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
8599| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
8600| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
8601| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
8602| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
8603| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
8604| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
8605| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
8606| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
8607| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
8608| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
8609| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
8610| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
8611| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
8612| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
8613| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
8614| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
8615| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
8616| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
8617| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
8618| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
8619| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
8620| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
8621| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
8622| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
8623| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
8624| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
8625| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
8626| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
8627| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
8628| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
8629| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
8630| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
8631| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
8632| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
8633| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
8634| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
8635| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
8636| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
8637| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
8638| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
8639| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
8640| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
8641| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
8642| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
8643| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
8644| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
8645| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
8646| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
8647| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
8648| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
8649| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
8650| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
8651| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
8652| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
8653| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
8654| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
8655| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8656| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
8657| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
8658| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
8659| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
8660| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
8661| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
8662| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
8663| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
8664| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
8665| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
8666| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
8667| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
8668| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
8669| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
8670| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
8671| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8672| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
8673| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
8674| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
8675| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
8676| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
8677| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
8678| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
8679| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
8680| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
8681| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
8682| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
8683| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
8684| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
8685| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
8686| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
8687| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
8688| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
8689| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
8690| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
8691| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
8692| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
8693| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
8694| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
8695| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
8696| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
8697| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
8698| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
8699| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
8700| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
8701| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
8702| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
8703| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
8704| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
8705| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
8706| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
8707| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
8708| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
8709| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
8710| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
8711| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
8712| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8713| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8714| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8715| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8716| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
8717| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
8718| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
8719| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
8720| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
8721| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
8722| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8723| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8724| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8725| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8726| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8727| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8728| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8729| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8730| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8731| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8732| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8733| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8734| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8735| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8736| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8737| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8738| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8739| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8740| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8741| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8742| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8743| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8744| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8745| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8746| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8747| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8748| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8749| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8750| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8751| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8752| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8753| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8754| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8755| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8756| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8757| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8758| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8759| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8760| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8761| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8762| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8763| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8764| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8765| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8766| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8767| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8768| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8769| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8770| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8771| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8772| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8773| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8774| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8775| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8776| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8777| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8778| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8779| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8780| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8781| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8782| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8783| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8784| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8785| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8786| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8787| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8788| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8789| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8790| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8791| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8792| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8793| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8794| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8795| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8796| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8797| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8798| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8799| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8800| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8801| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8802| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8803| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8804| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8805| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8806| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8807| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8808| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8809| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8810| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8811| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8812| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8813| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8814| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8815| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8816| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8817| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8818| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8819| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8820| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8821| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8822| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8823| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8824| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8825| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8826| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8827| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8828| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8829| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8830| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8831| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8832| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8833| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8834| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8835| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8836| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8837| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8838| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8839| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8840| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8841| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
8842| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
8843| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
8844| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8845| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
8846| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
8847| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
8848| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
8849| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
8850| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
8851| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
8852| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
8853| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
8854| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
8855| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
8856| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
8857| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
8858| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8859| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8860| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
8861| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
8862| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
8863| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
8864| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
8865| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
8866| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
8867| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8868| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
8869| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8870| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
8871| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
8872| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
8873| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8874| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
8875| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8876| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
8877| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
8878| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8879| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
8880| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
8881| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
8882| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
8883| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
8884| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
8885| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
8886| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
8887| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8888| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
8889| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
8890| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
8891| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
8892| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
8893| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
8894| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
8895| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
8896| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
8897| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
8898| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
8899| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
8900| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
8901| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
8902| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
8903| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
8904| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
8905| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
8906| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
8907| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
8908| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
8909| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8910| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
8911| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
8912| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
8913| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.
8914| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
8915| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
8916| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
8917| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
8918| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
8919| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
8920| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
8921| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
8922| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
8923| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
8924| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
8925| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
8926| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
8927| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
8928| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
8929| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
8930| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
8931| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
8932| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
8933| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
8934| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8935| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
8936| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
8937| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
8938| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
8939| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
8940| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
8941| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
8942| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
8943| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
8944| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
8945| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
8946| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
8947| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
8948| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
8949| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
8950| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
8951| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
8952| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8953| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
8954| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
8955| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
8956| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
8957| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
8958| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
8959| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
8960| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
8961| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
8962| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
8963| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
8964| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
8965| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
8966| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
8967| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
8968| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
8969| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
8970| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
8971| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
8972| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
8973| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
8974| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
8975| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
8976| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
8977| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
8978| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
8979| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8980| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
8981| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
8982| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
8983| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
8984| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
8985| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
8986| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
8987| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
8988| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
8989| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
8990| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
8991| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
8992| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
8993| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
8994| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
8995| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
8996| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
8997| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
8998| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
8999| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9000| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9001| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9002| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9003| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9004| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9005| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9006| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9007| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9008| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9009| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9010| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9011| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9012| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9013| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9014| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9015| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9016| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9017| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9018| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9019| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9020| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9021| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9022| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9023| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9024| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9025| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9026| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9027| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9028| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9029| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9030| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9031| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9032| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9033| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9034| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9035| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9036| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9037| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9038| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9039| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9040| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9041| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9042| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9043| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9044| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9045| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9046| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9047| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9048| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9049| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9050| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9051| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9052| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9053| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9054| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9055| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9056| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9057| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9058| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9059| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9060| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9061| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9062| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9063| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9064| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9065| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9066| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9067| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9068| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9069| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9070| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9071| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9072| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9073| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9074| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9075| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9076| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
9077| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9078| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9079| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9080| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9081| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9082| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
9083| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9084| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9085| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9086| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9087| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9088| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9089| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9090| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9091| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9092| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9093| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9094| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9095| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9096| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9097| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9098| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9099| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9100| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9101|
9102| SecurityFocus - https://www.securityfocus.com/bid/:
9103| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9104| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
| [100447] Apache2Triad Multiple Security Vulnerabilities
| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
9546| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
9547| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
9548| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
9549| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
9550| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
9551| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
9552| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
9553| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
9554| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
9555| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
9556| [68229] Apache Harmony PRNG Entropy Weakness
9557| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
9558| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
9559| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
9560| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
9561| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
9562| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
9563| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
9564| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
9565| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
9566| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
9567| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
9568| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
9569| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
9570| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
9571| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
9572| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
9573| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
9574| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
9575| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
9576| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
9577| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
9578| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
9579| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
9580| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
9581| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
9582| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
9583| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
9584| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
9585| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
9586| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
9587| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
9588| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
9589| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
9590| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
9591| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
9592| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
9593| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
9594| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
9595| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
9596| [64780] Apache CloudStack Unauthorized Access Vulnerability
9597| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
9598| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
9899| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
9900| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
9901| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
9902| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
9903| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
9904| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
9905| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
9906| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
9907| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
9908| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
9909| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
9910| [20527] Apache Mod_TCL Remote Format String Vulnerability
9911| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
9912| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
9913| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
9914| [19106] Apache Tomcat Information Disclosure Vulnerability
9915| [18138] Apache James SMTP Denial Of Service Vulnerability
9916| [17342] Apache Struts Multiple Remote Vulnerabilities
9917| [17095] Apache Log4Net Denial Of Service Vulnerability
9918| [16916] Apache mod_python FileSession Code Execution Vulnerability
9919| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
9920| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
9921| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
9922| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
9923| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
9924| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
9925| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
9926| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
9927| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
9928| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
9929| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
9930| [15177] PHP Apache 2 Local Denial of Service Vulnerability
9931| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
9932| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
9933| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
9934| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
9935| [14106] Apache HTTP Request Smuggling Vulnerability
9936| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
9937| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
9938| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
9939| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
9940| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
9941| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
9942| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
9943| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
9944| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
9945| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
9946| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
9947| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
9948| [11471] Apache mod_include Local Buffer Overflow Vulnerability
9949| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
9950| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
9951| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
9952| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
9953| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
9954| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
9955| [11094] Apache mod_ssl Denial Of Service Vulnerability
9956| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
9957| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
9958| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
9959| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
9960| [10478] ClueCentral Apache Suexec Patch Security Weakness
9961| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
| [2216] Apache Web Server DoS Vulnerability
| [2182] Apache /tmp File Race Vulnerability
| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
| [1821] Apache mod_cookies Buffer Overflow Vulnerability
| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
| [1457] Apache::ASP source.asp Example Script Vulnerability
| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
10300| [62790] Apache Perl cgi module denial of service
10301| [62576] Apache Qpid exchange denial of service
10302| [62575] Apache Qpid AMQP denial of service
10303| [62354] Apache Qpid SSL denial of service
10304| [62235] Apache APR-util apr_brigade_split_line() denial of service
10305| [62181] Apache XML-RPC SAX Parser information disclosure
10306| [61721] Apache Traffic Server cache poisoning
10307| [61202] Apache Derby BUILTIN authentication functionality information disclosure
10308| [61186] Apache CouchDB Futon cross-site request forgery
10309| [61169] Apache CXF DTD denial of service
10310| [61070] Apache Jackrabbit search.jsp SQL injection
10311| [61006] Apache SLMS Quoting cross-site request forgery
10312| [60962] Apache Tomcat time cross-site scripting
10313| [60883] Apache mod_proxy_http information disclosure
10314| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
10315| [60264] Apache Tomcat Transfer-Encoding denial of service
10316| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
10317| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
10318| [59413] Apache mod_proxy_http timeout information disclosure
10319| [59058] Apache MyFaces unencrypted view state cross-site scripting
10320| [58827] Apache Axis2 xsd file include
10321| [58790] Apache Axis2 modules cross-site scripting
10322| [58299] Apache ActiveMQ queueBrowse cross-site scripting
10323| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
10324| [58056] Apache ActiveMQ .jsp source code disclosure
10325| [58055] Apache Tomcat realm name information disclosure
10326| [58046] Apache HTTP Server mod_auth_shadow security bypass
10327| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
10328| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
10329| [57429] Apache CouchDB algorithms information disclosure
10330| [57398] Apache ActiveMQ Web console cross-site request forgery
10331| [57397] Apache ActiveMQ createDestination.action cross-site scripting
10332| [56653] Apache HTTP Server DNS spoofing
10333| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
| [466] htpasswd Apache 1.3.31 - Local Exploit
| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
10835| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
10836| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
10837| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
10838| [9] Apache HTTP Server 2.x Memory Leak Exploit
10839|
10840| OpenVAS (Nessus) - http://www.openvas.org:
10841| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
10842| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
10843| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
10844| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
10845| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
10846| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
10847| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
10848| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
10849| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
10850| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
10851| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
10852| [900571] Apache APR-Utils Version Detection
10853| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
10854| [900496] Apache Tiles Multiple XSS Vulnerability
10855| [900493] Apache Tiles Version Detection
10856| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
10857| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
10858| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
10859| [870175] RedHat Update for apache RHSA-2008:0004-01
10860| [864591] Fedora Update for apache-poi FEDORA-2012-10835
10861| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
10862| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
10863| [864250] Fedora Update for apache-poi FEDORA-2012-7683
10864| [864249] Fedora Update for apache-poi FEDORA-2012-7686
10865| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
10866| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
10867| [855821] Solaris Update for Apache 1.3 122912-19
10868| [855812] Solaris Update for Apache 1.3 122911-19
10869| [855737] Solaris Update for Apache 1.3 122911-17
10870| [855731] Solaris Update for Apache 1.3 122912-17
10871| [855695] Solaris Update for Apache 1.3 122911-16
10872| [855645] Solaris Update for Apache 1.3 122912-16
10873| [855587] Solaris Update for kernel update and Apache 108529-29
10874| [855566] Solaris Update for Apache 116973-07
10875| [855531] Solaris Update for Apache 116974-07
10876| [855524] Solaris Update for Apache 2 120544-14
10877| [855494] Solaris Update for Apache 1.3 122911-15
10878| [855478] Solaris Update for Apache Security 114145-11
10879| [855472] Solaris Update for Apache Security 113146-12
10880| [855179] Solaris Update for Apache 1.3 122912-15
10881| [855147] Solaris Update for kernel update and Apache 108528-29
10882| [855077] Solaris Update for Apache 2 120543-14
10883| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
10884| [850088] SuSE Update for apache2 SUSE-SA:2007:061
10885| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
10886| [841209] Ubuntu Update for apache2 USN-1627-1
10887| [840900] Ubuntu Update for apache2 USN-1368-1
10888| [840798] Ubuntu Update for apache2 USN-1259-1
10889| [840734] Ubuntu Update for apache2 USN-1199-1
10890| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
10891| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
10892| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
10893| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
10894| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
10895| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
10896| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
10897| [835253] HP-UX Update for Apache Web Server HPSBUX02645
10898| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
10899| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
10900| [835236] HP-UX Update for Apache with PHP HPSBUX02543
10901| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
10902| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
10903| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
10904| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
10905| [835188] HP-UX Update for Apache HPSBUX02308
10906| [835181] HP-UX Update for Apache With PHP HPSBUX02332
10907| [835180] HP-UX Update for Apache with PHP HPSBUX02342
10908| [835172] HP-UX Update for Apache HPSBUX02365
10909| [835168] HP-UX Update for Apache HPSBUX02313
10910| [835148] HP-UX Update for Apache HPSBUX01064
10911| [835139] HP-UX Update for Apache with PHP HPSBUX01090
10912| [835131] HP-UX Update for Apache HPSBUX00256
10913| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
10914| [835104] HP-UX Update for Apache HPSBUX00224
10915| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
10916| [835101] HP-UX Update for Apache HPSBUX01232
10917| [835080] HP-UX Update for Apache HPSBUX02273
10918| [835078] HP-UX Update for ApacheStrong HPSBUX00255
10919| [835044] HP-UX Update for Apache HPSBUX01019
10920| [835040] HP-UX Update for Apache PHP HPSBUX00207
10921| [835025] HP-UX Update for Apache HPSBUX00197
10922| [835023] HP-UX Update for Apache HPSBUX01022
10923| [835022] HP-UX Update for Apache HPSBUX02292
10924| [835005] HP-UX Update for Apache HPSBUX02262
10925| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
10926| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
10927| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
10928| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
10929| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
10930| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
10931| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
10932| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
10933| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
10934| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
10935| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
10936| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
10937| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
10938| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
10939| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
10940| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
10941| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
10942| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
10943| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
10944| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
10945| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
10946| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
10947| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
10948| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
10949| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
10950| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
10951| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
10952| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
10953| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
10954| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
10955| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
10956| [801942] Apache Archiva Multiple Vulnerabilities
10957| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
10958| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
10959| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
10960| [801284] Apache Derby Information Disclosure Vulnerability
10961| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
10962| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
10963| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
10964| [800680] Apache APR Version Detection
10965| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
10966| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
10967| [800677] Apache Roller Version Detection
10968| [800279] Apache mod_jk Module Version Detection
10969| [800278] Apache Struts Cross Site Scripting Vulnerability
10970| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
10971| [800276] Apache Struts Version Detection
10972| [800271] Apache Struts Directory Traversal Vulnerability
10973| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
10974| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
10975| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
10976| [103122] Apache Web Server ETag Header Information Disclosure Weakness
10977| [103074] Apache Continuum Cross Site Scripting Vulnerability
10978| [103073] Apache Continuum Detection
10979| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
10980| [101023] Apache Open For Business Weak Password security check
10981| [101020] Apache Open For Business HTML injection vulnerability
10982| [101019] Apache Open For Business service detection
10983| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
10984| [100923] Apache Archiva Detection
10985| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
10986| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
10987| [100813] Apache Axis2 Detection
10988| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
10989| [100795] Apache Derby Detection
10990| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
10991| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
10992| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
10993| [100514] Apache Multiple Security Vulnerabilities
10994| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
10995| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10996| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10997| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
10998| [72626] Debian Security Advisory DSA 2579-1 (apache2)
10999| [72612] FreeBSD Ports: apache22
11000| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
11001| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
11002| [71512] FreeBSD Ports: apache
11003| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
11004| [71256] Debian Security Advisory DSA 2452-1 (apache2)
11005| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
11006| [70737] FreeBSD Ports: apache
11007| [70724] Debian Security Advisory DSA 2405-1 (apache2)
11008| [70600] FreeBSD Ports: apache
11009| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
11010| [70235] Debian Security Advisory DSA 2298-2 (apache2)
11011| [70233] Debian Security Advisory DSA 2298-1 (apache2)
11012| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
11013| [69338] Debian Security Advisory DSA 2202-1 (apache2)
11014| [67868] FreeBSD Ports: apache
11015| [66816] FreeBSD Ports: apache
11016| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
11017| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
11018| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
11019| [66081] SLES11: Security update for Apache 2
11020| [66074] SLES10: Security update for Apache 2
11021| [66070] SLES9: Security update for Apache 2
11022| [65998] SLES10: Security update for apache2-mod_python
11023| [65893] SLES10: Security update for Apache 2
11024| [65888] SLES10: Security update for Apache 2
11025| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
11026| [65510] SLES9: Security update for Apache 2
11027| [65472] SLES9: Security update for Apache
11028| [65467] SLES9: Security update for Apache
11029| [65450] SLES9: Security update for apache2
11030| [65390] SLES9: Security update for Apache2
11031| [65363] SLES9: Security update for Apache2
11032| [65309] SLES9: Security update for Apache and mod_ssl
11033| [65296] SLES9: Security update for webdav apache module
11034| [65283] SLES9: Security update for Apache2
11035| [65249] SLES9: Security update for Apache 2
11036| [65230] SLES9: Security update for Apache 2
11037| [65228] SLES9: Security update for Apache 2
11038| [65212] SLES9: Security update for apache2-mod_python
11039| [65209] SLES9: Security update for apache2-worker
11040| [65207] SLES9: Security update for Apache 2
11041| [65168] SLES9: Security update for apache2-mod_python
11042| [65142] SLES9: Security update for Apache2
11043| [65136] SLES9: Security update for Apache 2
11044| [65132] SLES9: Security update for apache
11045| [65131] SLES9: Security update for Apache 2 oes/CORE
11046| [65113] SLES9: Security update for apache2
11047| [65072] SLES9: Security update for apache and mod_ssl
11048| [65017] SLES9: Security update for Apache 2
11049| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
11050| [64783] FreeBSD Ports: apache
11051| [64774] Ubuntu USN-802-2 (apache2)
11052| [64653] Ubuntu USN-813-2 (apache2)
11053| [64559] Debian Security Advisory DSA 1834-2 (apache2)
11054| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
11055| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
11056| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
11057| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
11058| [64443] Ubuntu USN-802-1 (apache2)
11059| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
11060| [64423] Debian Security Advisory DSA 1834-1 (apache2)
11061| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
11062| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
11063| [64251] Debian Security Advisory DSA 1816-1 (apache2)
11064| [64201] Ubuntu USN-787-1 (apache2)
11065| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
11066| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
11067| [63565] FreeBSD Ports: apache
11068| [63562] Ubuntu USN-731-1 (apache2)
11069| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
11070| [61185] FreeBSD Ports: apache
11071| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
11072| [60387] Slackware Advisory SSA:2008-045-02 apache
11073| [58826] FreeBSD Ports: apache-tomcat
11074| [58825] FreeBSD Ports: apache-tomcat
11075| [58804] FreeBSD Ports: apache
11076| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
11077| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
11078| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
11079| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
11080| [57335] Debian Security Advisory DSA 1167-1 (apache)
11081| [57201] Debian Security Advisory DSA 1131-1 (apache)
11082| [57200] Debian Security Advisory DSA 1132-1 (apache2)
11083| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
11084| [57145] FreeBSD Ports: apache
11085| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
11086| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
11087| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
11088| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
11089| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
11090| [56067] FreeBSD Ports: apache
11091| [55803] Slackware Advisory SSA:2005-310-04 apache
11092| [55519] Debian Security Advisory DSA 839-1 (apachetop)
11093| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
11094| [55355] FreeBSD Ports: apache
11095| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
11096| [55261] Debian Security Advisory DSA 805-1 (apache2)
11097| [55259] Debian Security Advisory DSA 803-1 (apache)
11098| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
11099| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
11100| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
11101| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
11102| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
11103| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
11104| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
11105| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
11106| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
11107| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
11108| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
11109| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
11110| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
11111| [54439] FreeBSD Ports: apache
11112| [53931] Slackware Advisory SSA:2004-133-01 apache
11113| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
11114| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
11115| [53878] Slackware Advisory SSA:2003-308-01 apache security update
11116| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
11117| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
11118| [53848] Debian Security Advisory DSA 131-1 (apache)
11119| [53784] Debian Security Advisory DSA 021-1 (apache)
11120| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
11121| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
11122| [53735] Debian Security Advisory DSA 187-1 (apache)
11123| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
11124| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
11125| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
11126| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
11127| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
11128| [53282] Debian Security Advisory DSA 594-1 (apache)
11129| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
11130| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
11131| [53215] Debian Security Advisory DSA 525-1 (apache)
11132| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
11133| [52529] FreeBSD Ports: apache+ssl
11134| [52501] FreeBSD Ports: apache
11135| [52461] FreeBSD Ports: apache
11136| [52390] FreeBSD Ports: apache
11137| [52389] FreeBSD Ports: apache
11138| [52388] FreeBSD Ports: apache
11139| [52383] FreeBSD Ports: apache
11140| [52339] FreeBSD Ports: apache+mod_ssl
11141| [52331] FreeBSD Ports: apache
11142| [52329] FreeBSD Ports: ru-apache+mod_ssl
11143| [52314] FreeBSD Ports: apache
11144| [52310] FreeBSD Ports: apache
11145| [15588] Detect Apache HTTPS
11146| [15555] Apache mod_proxy content-length buffer overflow
11147| [15554] Apache mod_include priviledge escalation
11148| [14771] Apache <= 1.3.33 htpasswd local overflow
11149| [14177] Apache mod_access rule bypass
11150| [13644] Apache mod_rootme Backdoor
11151| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
11152| [12280] Apache Connection Blocking Denial of Service
11153| [12239] Apache Error Log Escape Sequence Injection
11154| [12123] Apache Tomcat source.jsp malformed request information disclosure
11155| [12085] Apache Tomcat servlet/JSP container default files
11156| [11438] Apache Tomcat Directory Listing and File disclosure
11157| [11204] Apache Tomcat Default Accounts
11158| [11092] Apache 2.0.39 Win32 directory traversal
11159| [11046] Apache Tomcat TroubleShooter Servlet Installed
11160| [11042] Apache Tomcat DOS Device Name XSS
11161| [11041] Apache Tomcat /servlet Cross Site Scripting
11162| [10938] Apache Remote Command Execution via .bat files
11163| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
11164| [10773] MacOS X Finder reveals contents of Apache Web files
11165| [10766] Apache UserDir Sensitive Information Disclosure
11166| [10756] MacOS X Finder reveals contents of Apache Web directories
11167| [10752] Apache Auth Module SQL Insertion Attack
11168| [10704] Apache Directory Listing
11169| [10678] Apache /server-info accessible
11170| [10677] Apache /server-status accessible
11171| [10440] Check for Apache Multiple / vulnerability
11172|
11173| SecurityTracker - https://www.securitytracker.com:
11174| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
11175| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
11176| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
11177| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
11178| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11179| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11180| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11181| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
11182| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
11183| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
11184| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11185| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
11186| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
11187| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11188| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
11189| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
11190| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
11191| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
11192| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
11193| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
11194| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11195| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
11196| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
11197| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11198| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
11199| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11200| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11201| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
11202| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
11203| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11204| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
11205| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
11206| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
11207| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
11208| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
11209| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
11210| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
11211| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
11212| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
11213| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
11214| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
11215| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
11216| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
11217| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
11218| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
11219| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
11220| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11221| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
11222| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
11223| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
11224| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
11225| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
11226| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
11227| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
11228| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
11229| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
11230| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11231| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11232| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11233| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11234| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11235| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11236| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11237| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11238| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11239| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11240| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
| [1024096] Apache mod_proxy_http May Return Results for a Different Request
| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
| [1008920] Apache mod_digest May Validate Replayed Client Responses
| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
| [1008030] Apache mod_rewrite Contains a Buffer Overflow
| [1008029] Apache mod_alias Contains a Buffer Overflow
| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
11608| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
11609| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
11610| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
11611| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
11612| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
11613| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
11614| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
11615| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
11976| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
11977| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
11978| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
11979| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
11980| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
11981| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
11982| [51151] Apache Roller Search Function q Parameter XSS
11983| [50482] PHP with Apache php_value Order Unspecified Issue
11984| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
11985| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
11986| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
11987| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
11988| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
11989| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
11990| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
11991| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
11992| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
11993| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
11994| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
11995| [47096] Oracle Weblogic Apache Connector POST Request Overflow
11996| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
11997| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
11998| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
11999| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12000| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12001| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12002| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12003| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12004| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12005| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12006| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12007| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12008| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12009| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12010| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12011| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12012| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12013| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12014| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12015| [43452] Apache Tomcat HTTP Request Smuggling
12016| [43309] Apache Geronimo LoginModule Login Method Bypass
12017| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12018| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12019| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12020| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12021| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12022| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12023| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12024| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12025| [42091] Apache Maven Site Plugin Installation Permission Weakness
12026| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12027| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12028| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12029| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12030| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12031| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12032| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12033| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12034| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12035| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12036| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12037| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12038| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12039| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12040| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12041| [40262] Apache HTTP Server mod_status refresh XSS
12042| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12043| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12044| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12045| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
12046| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
12047| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
12048| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
12049| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
12050| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
12051| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
12052| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
12053| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
12054| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
12055| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
12056| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
12057| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
12058| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
12059| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
12060| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
12061| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
12062| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
12063| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
12064| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
12065| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12066| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12067| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12068| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12069| [36079] Apache Tomcat Manager Uploaded Filename XSS
12070| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12071| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12072| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12073| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12074| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12075| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12076| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12077| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12078| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12079| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12080| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12081| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12082| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12083| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12084| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12085| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12086| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12087| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12088| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12089| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12090| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12091| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12092| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12093| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12094| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12095| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12096| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12097| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12098| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12099| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12100| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12101| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12102| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12103| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12104| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12105| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12106| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12107| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12108| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12109| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12110| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12111| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12112| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12113| [24365] Apache Struts Multiple Function Error Message XSS
12114| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12115| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12116| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12117| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12118| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12119| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12120| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12121| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12122| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12123| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12124| [22459] Apache Geronimo Error Page XSS
12125| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12126| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12127| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12128| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12129| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12130| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12131| [21021] Apache Struts Error Message XSS
12132| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12133| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12134| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12135| [20439] Apache Tomcat Directory Listing Saturation DoS
12136| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12137| [20285] Apache HTTP Server Log File Control Character Injection
12138| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12139| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12140| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12141| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12142| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12143| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12144| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12145| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12146| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12147| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12148| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12149| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12150| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12151| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12152| [18233] Apache HTTP Server htdigest user Variable Overfow
12153| [17738] Apache HTTP Server HTTP Request Smuggling
12154| [16586] Apache HTTP Server Win32 GET Overflow DoS
12155| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12156| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12157| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12158| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12159| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12160| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12161| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12162| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12163| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12164| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12165| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12166| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12167| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12168| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12169| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12170| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12171| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12172| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12173| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12174| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12175| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12176| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12177| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12178| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12179| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12180| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12181| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12182| [13304] Apache Tomcat realPath.jsp Path Disclosure
12183| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12184| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12185| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12186| [12848] Apache HTTP Server htdigest realm Variable Overflow
12187| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12188| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12189| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12190| [12557] Apache HTTP Server prefork MPM accept Error DoS
12191| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12192| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12193| [12231] Apache Tomcat web.xml Arbitrary File Access
12194| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12195| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12196| [12178] Apache Jakarta Lucene results.jsp XSS
12197| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12198| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12199| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12200| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12201| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12202| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12203| [10471] Apache Xerces-C++ XML Parser DoS
12204| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12205| [10068] Apache HTTP Server htpasswd Local Overflow
12206| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12207| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12208| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12209| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12210| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12211| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12212| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12213| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12214| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12215| [9714] Apache Authentication Module Threaded MPM DoS
12216| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12217| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12218| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12219| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12220| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12221| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12222| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12223| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12224| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12225| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12226| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12227| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12228| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12229| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12230| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12231| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12232| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12233| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12234| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12235| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12236| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12237| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12238| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12239| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12240| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12241| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12242| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12243| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12244| [9208] Apache Tomcat .jsp Encoded Newline XSS
12245| [9204] Apache Tomcat ROOT Application XSS
12246| [9203] Apache Tomcat examples Application XSS
12247| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12248| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12249| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12250| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12251| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12252| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12253| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12254| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12255| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12256| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12257| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12258| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12259| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12260| [7611] Apache HTTP Server mod_alias Local Overflow
12261| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12262| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12263| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12264| [6882] Apache mod_python Malformed Query String Variant DoS
12265| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12266| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12267| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12268| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12269| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12270| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12271| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12272| [5278] Apache Tomcat web.xml Restriction Bypass
12273| [5051] Apache Tomcat Null Character DoS
12274| [4973] Apache Tomcat servlet Mapping XSS
12275| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12276| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12277| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12278| [4568] mod_survey For Apache ENV Tags SQL Injection
12279| [4553] Apache HTTP Server ApacheBench Overflow DoS
12280| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12281| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12282| [4383] Apache HTTP Server Socket Race Condition DoS
12283| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12284| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12285| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12286| [4231] Apache Cocoon Error Page Server Path Disclosure
12287| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12288| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12289| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12290| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12291| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12292| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12293| [3322] mod_php for Apache HTTP Server Process Hijack
12294| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12295| [2885] Apache mod_python Malformed Query String DoS
12296| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12297| [2733] Apache HTTP Server mod_rewrite Local Overflow
12298| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12299| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12300| [2149] Apache::Gallery Privilege Escalation
12301| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12302| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12303| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12304| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
12305| [872] Apache Tomcat Multiple Default Accounts
12306| [862] Apache HTTP Server SSI Error Page XSS
12307| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
12308| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
12309| [845] Apache Tomcat MSDOS Device XSS
12310| [844] Apache Tomcat Java Servlet Error Page XSS
12311| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
12312| [838] Apache HTTP Server Chunked Encoding Remote Overflow
12313| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
12314| [775] Apache mod_python Module Importing Privilege Function Execution
12315| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
12316| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
12317| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
12318| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
12319| [637] Apache HTTP Server UserDir Directive Username Enumeration
12320| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
12321| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
12322| [562] Apache HTTP Server mod_info /server-info Information Disclosure
12323| [561] Apache Web Servers mod_status /server-status Information Disclosure
12324| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
12325| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
12326| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
12327| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
12328| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
12329| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
12330| [376] Apache Tomcat contextAdmin Arbitrary File Access
12331| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
12332| [222] Apache HTTP Server test-cgi Arbitrary File Access
12333| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
12334| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
12335|_
445/tcp closed microsoft-ds
465/tcp open ssl/smtp Exim smtpd 4.92
12338| vulscan: VulDB - https://vuldb.com:
12339| [141327] Exim up to 4.92.1 Backslash privilege escalation
12340| [138827] Exim up to 4.92 Expansion Code Execution
12341| [135932] Exim up to 4.92 privilege escalation
12342| [113048] Exim up to 4.90 SMTP Listener Message memory corruption
12343|
12344| MITRE CVE - https://cve.mitre.org:
12345| [CVE-2012-5671] Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.
12346| [CVE-2012-0478] The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page.
12347| [CVE-2011-1764] Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.
12348| [CVE-2011-1407] The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.
12349| [CVE-2011-0017] The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.
12350| [CVE-2010-4345] Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
12351| [CVE-2010-4344] Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
12352| [CVE-2010-2024] transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
12353| [CVE-2010-2023] transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
12354| [CVE-2006-1251] Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.
12355| [CVE-2005-0022] Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.
12356| [CVE-2005-0021] Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
12357| [CVE-2004-0400] Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
12358| [CVE-2004-0399] Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
12359| [CVE-2003-0743] Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.
12360| [CVE-2002-1381] Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
12361|
12362| SecurityFocus - https://www.securityfocus.com/bid/:
12363| [103049] Exim 'base64d()' Function Buffer Overflow Vulnerability
12364| [99252] Exim CVE-2017-1000369 Local Privilege Escalation Vulnerability
12365| [94947] Exim CVE-2016-9963 Unspecified Information Disclosure Vulnerability
12366| [84132] Exim CVE-2016-1531 Local Privilege Escalation Vulnerability
12367| [68857] Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
12368| [67695] Exim 'dmarc.c' Remote Code Execution Vulnerability
12369| [60465] Exim for Dovecot 'use_shell' Remote Command Execution Vulnerability
12370| [56285] Exim DKIM DNS Decoding CVE-2012-5671 Remote Buffer Overflow Vulnerability
12371| [47836] Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
12372| [47736] Exim 'dkim_exim_verify_finish()' Remote Format String Vulnerability
12373| [46065] Exim 'log.c' Local Privilege Escalation Vulnerability
12374| [45341] Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
12375| [45308] Exim Crafted Header Remote Code Execution Vulnerability
12376| [40454] Exim MBX Locking Insecure Temporary File Creation Vulnerability
12377| [40451] Exim Sticky Mail Directory Local Privilege Escalation Vulnerability
12378| [36181] ikiwiki 'teximg' Plugin Insecure TeX Commands Information Disclosure Vulnerability
12379| [23977] Exim SpamAssassin Reply Remote Buffer Overflow Vulnerability
12380| [17110] sa-exim Unauthorized File Access Vulnerability
12381| [12268] Exim IP Address Command Line Argument Local Buffer Overflow Vulnerability
12382| [12188] Exim SPA Authentication Remote Buffer Overflow Vulnerability
12383| [12185] Exim Illegal IPv6 Address Buffer Overflow Vulnerability
12384| [10291] Exim Header Syntax Checking Remote Stack Buffer Overrun Vulnerability
12385| [10290] Exim Sender Verification Remote Stack Buffer Overrun Vulnerability
12386| [8518] Exim EHLO/HELO Remote Heap Corruption Vulnerability
12387| [6314] Exim Internet Mailer Format String Vulnerability
12388| [4096] Exim Configuration File Argument Command Line Buffer Overflow Vulnerability
12389| [3728] Exim Pipe Hostname Arbitrary Command Execution Vulnerability
12390| [2828] Exim Format String Vulnerability
12391| [1859] Exim Buffer Overflow Vulnerability
12392|
12393| IBM X-Force - https://exchange.xforce.ibmcloud.com:
12394| [84758] Exim sender_address parameter command execution
12395| [84015] Exim command execution
12396| [80186] Mozilla Firefox, Thunderbird, and SeaMonkey copyTexImage2D code execution
12397| [80184] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D calls code execution
12398| [79615] Exim dkim_exim_query_dns_txt() buffer overflow
12399| [75155] Mozilla Firefox, Thunderbird, and SeaMonkey texImage2D denial of service
12400| [67455] Exim DKIM processing code execution
12401| [67299] Exim dkim_exim_verify_finish() format string
12402| [65028] Exim open_log privilege escalation
12403| [63967] Exim config file privilege escalation
12404| [63960] Exim header buffer overflow
12405| [59043] Exim mail directory privilege escalation
12406| [59042] Exim MBX symlink
12407| [52922] ikiwiki teximg plugin information disclosure
12408| [34265] Exim spamd buffer overflow
12409| [25286] Sa-exim greylistclean.cron file deletion
12410| [22687] RHSA-2005:025 updates for exim not installed
12411| [18901] Exim dns_build_reverse buffer overflow
12412| [18764] Exim spa_base64_to_bits function buffer overflow
12413| [18763] Exim host_aton buffer overflow
12414| [16079] Exim require_verify buffer overflow
12415| [16077] Exim header_check_syntax buffer overflow
12416| [16075] Exim sender_verify buffer overflow
12417| [13067] Exim HELO or EHLO command heap overflow
12418| [10761] Exim daemon.c format string
12419| [8194] Exim configuration file -c command-line argument buffer overflow
12420| [7738] Exim allows attacker to hide commands in localhost names using pipes
12421| [6671] Exim "
12422| [1893] Exim MTA allows local users to gain root privileges
12423|
12424| Exploit-DB - https://www.exploit-db.com:
12425| [16925] Exim4 <= 4.69 - string_format Function Heap Buffer Overflow
12426| [15725] Exim 4.63 Remote Root Exploit
12427| [1009] Exim <= 4.41 dns_build_reverse Local Exploit
12428| [812] Exim <= 4.43 auth_spa_server() Remote PoC Exploit
12429| [796] Exim <= 4.42 Local Root Exploit
12430| [756] Exim <= 4.41 dns_build_reverse Local Exploit PoC
12431|
12432| OpenVAS (Nessus) - http://www.openvas.org:
12433| [100663] Exim < 4.72 RC2 Multiple Vulnerabilities
12434|
12435| SecurityTracker - https://www.securitytracker.com:
12436| [1025539] Exim DKIM Processing Flaw Lets Remote Users Execute Arbitrary Code
12437| [1025504] Exim DKIM Signature Format String Flaw Lets Remote Users Execute Arbitrary Code
12438| [1024859] Exim Configuration File Capability Lets Local Users Gain Elevated Privileges
12439| [1024858] Exim Buffer Overfow in string_format() Lets Remote Users Execute Arbitrary Code
12440| [1012904] Exim Buffer Overflow in dns_build_reverse() Lets Local Users Obtain Elevated Privileges
12441| [1012771] Exim Buffer Overflows in host_aton() and spa_base64_to_bits() May Let Local Users Gain Elevated Privileges
12442| [1010081] Exim Buffer Overflows in 'accept.c' and 'verify.c' Let Remote Users Execute Arbitrary Code
12443| [1007609] Exim Heap Overflow in 'smtp_in.c' May Allow Remote Arbitrary Code Execution
12444| [1005756] Exim Mail Server Format String Bug Lets Local Exim Administrators Execute Arbitrary Code With Root Privileges
12445| [1003547] Potential Bug in Exim Mail Server May Let Local Users Execute Code With Root Privileges
12446| [1003014] Exim Mail Server Pipe Address Validation Error May Let Remote Users Execute Arbitrary Code With Root Privileges in a Certain Configuration
12447| [1001694] Exim Mail Server May Allow Remote Users to Execute Arbitrary Code with Root-Level Privileges on the Server
12448|
12449| OSVDB - http://www.osvdb.org:
12450| [93004] Dovecot with Exim sender_address Parameter Remote Command Execution
12451| [87599] Mozilla Multiple Product copyTexImage2D Call Image Dimension Handling Memory Corruption
12452| [87581] Mozilla Multiple Product texImage2D Call Handling Memory Corruption
12453| [86616] Exim src/dkim.c dkim_exim_query_dns_txt() Function DNS Record Parsing Remote Overflow
12454| [81523] Mozilla Multiple Product WebGL texImage2D() Function JSVAL_TO_OBJECT Remote Code Execution
12455| [72642] Exim DKIM Identity Lookup Item Remote Code Execution
12456| [72156] Exim src/dkim.c dkim_exim_verify_finish() Function DKIM-Signature Header Format String
12457| [70696] Exim log.c open_log() Function Local Privilege Escalation
12458| [69860] Exim exim User Account Configuration File Directive Local Privilege Escalation
12459| [69685] Exim string_format Function Remote Overflow
12460| [65159] Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
12461| [65158] Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
12462| [57575] teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure
12463| [23849] sa-exim greylistclean.cron Arbitrary File Deletion
12464| [13073] Oracle Database Server Advanced Queuing Component dbms_transform_eximp Unspecified Security Issue
12465| [12946] Exim -bh Command Line Option dns_build_reverse Function Local Overflow
12466| [12727] Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
12467| [12726] Exim -be Command Line Option host_aton Function Local Overflow
12468| [10877] Exim smtp_in.c HELO/EHLO Remote Overflow
12469| [10360] Exim daemon.c pid_file_path Variable Manipulation Arbitrary Command Execution
12470| [10032] libXpm CreateXImage Function Integer Overflow
12471| [7160] Exim .forward :include: Option Privilege Escalation
12472| [6479] Vexim COOKIE Authentication Credential Disclosure
12473| [6478] Vexim Multiple Parameter SQL Injection
12474| [5930] Exim Parenthesis File Name Filter Bypass
12475| [5897] Exim header_syntax Function Remote Overflow
12476| [5896] Exim sender_verify Function Remote Overflow
12477| [5530] Exim Localhost Name Arbitrary Command Execution
12478| [5330] Exim Configuration File Variable Overflow
12479| [1855] Exim Batched SMTP Mail Header Format String
12480|_
12481587/tcp open smtp Exim smtpd 4.92
993/tcp open imaps?
995/tcp open pop3s?
#################################################################################################
[INFO] ------TARGET info------
[*] TARGET: http://www.municipalidaddeantofagasta.cl/
[*] TARGET IP: 190.113.1.104
[INFO] NO load balancer detected for www.municipalidaddeantofagasta.cl...
[*] DNS servers: municipalidaddeantofagasta.cl.
[*] TARGET server: Apache
[*] CC: CL
[*] Country: Chile
[*] RegionCode: VS
[*] RegionName: Region de Valparaiso
[*] City: Viña del Mar
[*] ASN: AS22860
[*] BGP_PREFIX: 190.113.0.0/19
[*] ISP: SERVICIOS INTERNET LTDA, CL
[INFO] DNS enumeration:
[*] ftp.municipalidaddeantofagasta.cl municipalidaddeantofagasta.cl. 190.113.1.104
[*] mail.municipalidaddeantofagasta.cl municipalidaddeantofagasta.cl. 190.113.1.104
[*] webmail.municipalidaddeantofagasta.cl 190.113.1.104
[*] www2.municipalidaddeantofagasta.cl 190.113.1.104
[INFO] Possible abuse mails are:
[*] abuse@municipalidaddeantofagasta.cl
[*] abuse@www.municipalidaddeantofagasta.cl
[*] lacnic@tecnoera.com
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[ALERT] robots.txt file FOUND in http://www.municipalidaddeantofagasta.cl/robots.txt
[INFO] Checking for HTTP status codes recursively from http://www.municipalidaddeantofagasta.cl/robots.txt
[INFO] Status code Folders
[INFO] Starting FUZZing in http://www.municipalidaddeantofagasta.cl/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://www.municipalidaddeantofagasta.cl/images
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from http://www.municipalidaddeantofagasta.cl/ http://190.113.1.104/:
[*] http://190.113.1.104/cgi-sys/defaultwebpage.cgi
cut: intervalle de champ incorrecte
Saisissez « cut --help » pour plus d'informations.
[INFO] Shodan detected the following opened ports on 190.113.1.104:
[*] 1
[*] 110
[*] 2082
[*] 2083
[*] 2086
[*] 2087
[*] 2095
[*] 2096
[*] 21
[*] 26
[*] 4
[*] 443
[*] 465
[*] 53
[*] 587
[*] 80
[*] 993
[INFO] ------VirusTotal SECTION------
[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
[INFO] ------Alexa Rank SECTION------
[INFO] Percent of Visitors Rank in Country:
[INFO] Percent of Search Traffic:
[INFO] Percent of Unique Visits:
[INFO] Total Sites Linking In:
[*] Total Sites
[INFO] Useful links related to www.municipalidaddeantofagasta.cl - 190.113.1.104:
[*] https://www.virustotal.com/pt/ip-address/190.113.1.104/information/
[*] https://www.hybrid-analysis.com/search?host=190.113.1.104
[*] https://www.shodan.io/host/190.113.1.104
[*] https://www.senderbase.org/lookup/?search_string=190.113.1.104
[*] https://www.alienvault.com/open-threat-exchange/ip/190.113.1.104
[*] http://pastebin.com/search?q=190.113.1.104
[*] http://urlquery.net/search.php?q=190.113.1.104
[*] http://www.alexa.com/siteinfo/www.municipalidaddeantofagasta.cl
[*] http://www.google.com/safebrowsing/diagnostic?site=www.municipalidaddeantofagasta.cl
[*] https://censys.io/ipv4/190.113.1.104
[*] https://www.abuseipdb.com/check/190.113.1.104
[*] https://urlscan.io/search/#190.113.1.104
[*] https://github.com/search?q=190.113.1.104&type=Code
[INFO] Useful links related to AS22860 - 190.113.0.0/19:
[*] http://www.google.com/safebrowsing/diagnostic?site=AS:22860
[*] https://www.senderbase.org/lookup/?search_string=190.113.0.0/19
[*] http://bgp.he.net/AS22860
[*] https://stat.ripe.net/AS22860
[INFO] Date: 14/12/19 | Time: 14:37:46
[INFO] Total time: 1 minute(s) and 45 second(s)
#################################################################################################
[+] FireWall Detector
[++] Firewall not detected

[+] Detecting Joomla Version
[++] Joomla 3.8.8

[+] Core Joomla Vulnerability
[++] Target Joomla core is not vulnerable

[+] Checking apache info/status files
[++] Readable info/status files are not found

[+] admin finder
[++] Admin page : http://www.municipalidaddeantofagasta.cl/administrator/

[+] Checking robots.txt existing
[++] robots.txt is found
path : http://www.municipalidaddeantofagasta.cl/robots.txt

Interesting path found from robots.txt
http://www.municipalidaddeantofagasta.cl/


[+] Finding common backup files name
[++] Backup files are not found

[+] Finding common log files name
[++] error log is not found

[+] Checking sensitive config.php.x file
[++] Readable config files are not found
##################################################################################################
[-] Target: http://www.municipalidaddeantofagasta.cl (190.113.1.104)
[M] Website Not in HTTPS: http://www.municipalidaddeantofagasta.cl
[I] Server: Apache
[I] X-Powered-By: PHP/5.6.40
[L] X-Frame-Options: Not Enforced
[I] Strict-Transport-Security: Not Enforced
[I] X-Content-Security-Policy: Not Enforced
[I] X-Content-Type-Options: Not Enforced
[L] Robots.txt Found: http://www.municipalidaddeantofagasta.cl/robots.txt
[I] CMS Detection: Joomla
[I] Joomla Version: 3.8.8
[M] EDB-ID: 46710 "Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion"
[M] EDB-ID: 46200 "Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings"
[M] EDB-ID: 47632 "Joomla 3.9.13 - 'Host' Header Injection"
[I] Joomla Website Template: home-muni_antofagasta
[I] Joomla Website Template: system
[I] Autocomplete Off Not Found: http://www.municipalidaddeantofagasta.cl/administrator/index.php
[-] Joomla Default Files:
[-] Joomla is likely to have a large number of default files
[-] Would you like to list them all?
[y/N]: y
[I] http://www.municipalidaddeantofagasta.cl/LICENSE.txt
[I] http://www.municipalidaddeantofagasta.cl/README.txt
[I] http://www.municipalidaddeantofagasta.cl/administrator/cache/index.html
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-01.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/others/mysql/utf8mb4-conversion-02.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-06.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-16.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-19.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-20.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-1.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-21-2.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-22.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-23.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2011-12-24.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-10.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.0-2012-01-14.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.1-2012-01-26.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.2-2012-03-05.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.3-2012-03-13.sql
[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-18.sql
12791[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.4-2012-03-19.sql
12792[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.5.sql
12793[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.6.sql
12794[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/2.5.7.sql
12795[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.0.0.sql
12796[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.0.1.sql
12797[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.0.2.sql
12798[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.0.3.sql
12799[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.1.0.sql
12800[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.1.1.sql
12801[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.1.2.sql
12802[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.1.3.sql
12803[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.1.4.sql
12804[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.1.5.sql
12805[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.0.sql
12806[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.1.sql
12807[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.2-2013-12-22.sql
12808[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.2-2013-12-28.sql
12809[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.2-2014-01-08.sql
12810[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.2-2014-01-15.sql
12811[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.2-2014-01-18.sql
12812[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.2-2014-01-23.sql
12813[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.2.3-2014-02-20.sql
12814[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.3.0-2014-02-16.sql
12815[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.3.0-2014-04-02.sql
12816[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.3.4-2014-08-03.sql
12817[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.3.6-2014-09-30.sql
12818[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.4.0-2014-08-24.sql
12819[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.4.0-2014-09-01.sql
12820[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.4.0-2014-09-16.sql
12821[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.4.0-2014-10-20.sql
12822[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.4.0-2014-12-03.sql
12823[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.4.0-2015-01-21.sql
12824[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.4.0-2015-02-26.sql
12825[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2015-07-01.sql
12826[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2015-10-13.sql
12827[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2015-10-26.sql
12828[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2015-10-30.sql
12829[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2015-11-04.sql
12830[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2015-11-05.sql
12831[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2016-02-26.sql
12832[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.0-2016-03-01.sql
12833[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.1-2016-03-25.sql
12834[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.5.1-2016-03-29.sql
12835[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-04-01.sql
12836[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-04-06.sql
12837[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-04-08.sql
12838[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-04-09.sql
12839[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-05-06.sql
12840[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-06-01.sql
12841[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.0-2016-06-05.sql
12842[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.3-2016-08-15.sql
12843[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.6.3-2016-08-16.sql
12844[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-08-06.sql
12845[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-08-22.sql
12846[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-08-29.sql
12847[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-09-29.sql
12848[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-10-01.sql
12849[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-10-02.sql
12850[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-11-04.sql
12851[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-11-19.sql
12852[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-11-21.sql
12853[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-11-24.sql
12854[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2016-11-27.sql
12855[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-01-08.sql
12856[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-01-09.sql
12857[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-01-15.sql
12858[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-01-17.sql
12859[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-01-31.sql
12860[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-02-02.sql
12861[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-02-15.sql
12862[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-02-17.sql
12863[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-03-03.sql
12864[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-03-09.sql
12865[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-03-19.sql
12866[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-04-10.sql
12867[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.0-2017-04-19.sql
12868[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.3-2017-06-03.sql
12869[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.7.4-2017-07-05.sql
12870[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.8.0-2017-07-28.sql
12871[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.8.0-2017-07-31.sql
12872[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.8.2-2017-10-14.sql
12873[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.8.4-2018-01-16.sql
12874[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.8.6-2018-02-14.sql
12875[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.8.8-2018-05-18.sql
12876[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.8.9-2018-06-19.sql
12877[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-05-02.sql
12878[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-05-03.sql
12879[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-05-05.sql
12880[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-05-19.sql
12881[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-05-20.sql
12882[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-05-24.sql
12883[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-05-27.sql
12884[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-06-02.sql
12885[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-06-12.sql
12886[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-06-13.sql
12887[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-06-14.sql
12888[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-06-17.sql
12889[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-07-09.sql
12890[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-07-10.sql
12891[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-07-11.sql
12892[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-08-12.sql
12893[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-08-28.sql
12894[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-08-29.sql
12895[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-09-04.sql
12896[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-10-15.sql
12897[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-10-20.sql
12898[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.0-2018-10-21.sql
12899[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.10-2019-07-09.sql
12900[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.3-2019-01-12.sql
12901[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.3-2019-02-07.sql
12902[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.7-2019-04-23.sql
12903[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.7-2019-04-26.sql
12904[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.7-2019-05-16.sql
12905[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.8-2019-06-11.sql
12906[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/mysql/3.9.8-2019-06-15.sql
12907[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.0.0.sql
12908[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.0.1.sql
12909[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.0.2.sql
12910[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.0.3.sql
12911[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.1.0.sql
12912[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.1.1.sql
12913[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.1.2.sql
12914[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.1.3.sql
12915[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.1.4.sql
12916[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.1.5.sql
12917[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.0.sql
12918[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.1.sql
12919[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.2-2013-12-22.sql
12920[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.2-2013-12-28.sql
12921[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.2-2014-01-08.sql
12922[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.2-2014-01-15.sql
12923[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.2-2014-01-18.sql
12924[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.2-2014-01-23.sql
12925[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.2.3-2014-02-20.sql
12926[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.3.0-2013-12-21.sql
12927[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.3.0-2014-02-16.sql
12928[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.3.0-2014-04-02.sql
12929[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.3.4-2014-08-03.sql
12930[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.3.6-2014-09-30.sql
12931[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.0-2014-08-24.sql
12932[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.0-2014-09-01.sql
12933[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.0-2014-09-16.sql
12934[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.0-2014-10-20.sql
12935[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.0-2014-12-03.sql
12936[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.0-2015-01-21.sql
12937[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.0-2015-02-26.sql
12938[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.4.4-2015-07-11.sql
12939[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.5.0-2015-10-13.sql
12940[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.5.0-2015-10-26.sql
12941[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.5.0-2015-10-30.sql
12942[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.5.0-2015-11-04.sql
12943[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.5.0-2015-11-05.sql
12944[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.5.0-2016-03-01.sql
12945[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.0-2016-04-01.sql
12946[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.0-2016-04-08.sql
12947[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.0-2016-04-09.sql
12948[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.0-2016-05-06.sql
12949[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.0-2016-06-01.sql
12950[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.0-2016-06-05.sql
12951[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.3-2016-08-15.sql
12952[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.3-2016-08-16.sql
12953[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.6.3-2016-10-04.sql
12954[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-08-06.sql
12955[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-08-22.sql
12956[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-08-29.sql
12957[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-09-29.sql
12958[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-10-01.sql
12959[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-10-02.sql
12960[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-11-04.sql
12961[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-11-19.sql
12962[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-11-21.sql
12963[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2016-11-24.sql
12964[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-01-08.sql
12965[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-01-09.sql
12966[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-01-15.sql
12967[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-01-17.sql
12968[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-01-31.sql
12969[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-02-02.sql
12970[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-02-15.sql
12971[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-02-17.sql
12972[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-03-03.sql
12973[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-03-09.sql
12974[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-04-10.sql
12975[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.0-2017-04-19.sql
12976[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.7.4-2017-07-05.sql
12977[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.8.0-2017-07-28.sql
12978[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.8.0-2017-07-31.sql
12979[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.8.2-2017-10-14.sql
12980[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.8.4-2018-01-16.sql
12981[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.8.6-2018-02-14.sql
12982[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.8.8-2018-05-18.sql
12983[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.8.9-2018-06-19.sql
12984[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-05-02.sql
12985[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-05-03.sql
12986[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-05-05.sql
12987[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-05-19.sql
12988[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-05-20.sql
12989[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-05-24.sql
12990[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-05-27.sql
12991[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-06-02.sql
12992[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-06-12.sql
12993[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-06-13.sql
12994[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-06-14.sql
12995[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-06-17.sql
12996[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-07-09.sql
12997[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-07-10.sql
12998[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-07-11.sql
12999[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-08-12.sql
13000[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-08-28.sql
13001[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-08-29.sql
13002[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-09-04.sql
13003[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-10-15.sql
13004[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-10-20.sql
13005[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.0-2018-10-21.sql
13006[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.10-2019-07-09.sql
13007[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.3-2019-01-12.sql
13008[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.3-2019-02-07.sql
13009[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.7-2019-04-23.sql
13010[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.7-2019-04-26.sql
13011[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.7-2019-05-16.sql
13012[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.8-2019-06-11.sql
13013[I] http://www.municipalidaddeantofagasta.cl/administrator/components/com_admin/sql/updates/postgresql/3.9.8-2019-06-15.sql
[-] Searching Joomla Components ...
[I] mod_djimageslider
[I] mod_image_show_gk4
[I] mod_jem_teaser
[I] mod_news_pro_gk5
[I] Checking for Directory Listing Enabled ...
[-] Date & Time: 14/12/2019 15:54:07
[-] Completed in: 0:35:15
######################################################################################################################################
Anonymous JTSEC #OpChili Full Recon #14